From 0086c0b9cede1f7b846f76e4f621ef6e85c0eb4c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 08:21:42 +0000 Subject: [PATCH 01/15] Bump ruff from 0.6.4 to 0.6.5 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.4 to 0.6.5. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.6.4...0.6.5) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 22b7c061..3e7b5cb9 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -6,5 +6,5 @@ pytest-timeout==2.3.1 pylint==3.2.7 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.6.4 +ruff==0.6.5 parameterized==0.9.0 From 0252f257954a81343a354187c9bc2f019b63684d Mon Sep 17 00:00:00 2001 From: thoHeinze Date: Fri, 23 Aug 2024 09:24:35 +0200 Subject: [PATCH 02/15] Add warning about pinned AWS root CAs * in the mendix buildpack the supported RDS certificates are hardcoded in the directory /etc * the existing AWS RDS certificates `rds-ca-2019` has expired on 22th August 2024: https://aws.amazon.com/de/blogs/aws/rotate-your-ssl-tls-certificates-now-amazon-rds-and-amazon-aurora-expire-in-2024/ * the new certificates were the first time introduced in https://github.com/mendix/cf-mendix-buildpack/pull/668 * as result, all buildpacks prior to version v5.0.5 are known to no longer work with AWS RDS --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 553837b8..408ed0ce 100644 --- a/README.md +++ b/README.md @@ -198,6 +198,8 @@ cf set-env DATABASE_CONNECTION_PARAMS '{"tcpKeepAlive": "true", "conn To allow connection to an AWS RDS database the buildpack selects the regional CA certificate stored in [`rds-certificates`](etc/rds-certificates). If the region's certificate doesn't exist, the buildpack will fail with an error `Could not find database CA certificate in map`. +*:warning: After the root CA rotation of AWS RDS on 22nd August 2024, only buildpacks v5.0.5 or higher will continue to work, all older buildpacks only import no longer valid certificates and no longer can establish a connection to AWS RDS.* + #### Supported VCAP Schemas Cloud Foundry database services are detected from Cloud Foundry service bindings ([VCAP](https://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES)) and translated into Mendix Runtime configuration. In case no database service is bound, the fallback is the environment variable `DATABASE_URL`. From 1db1e42f6204fa337085d6d2ea2832d2ef93b358 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 14:25:41 +0000 Subject: [PATCH 03/15] Bump pylint from 3.2.7 to 3.3.0 Bumps [pylint](https://github.com/pylint-dev/pylint) from 3.2.7 to 3.3.0. - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.2.7...v3.3.0) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 3e7b5cb9..d72b7104 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -3,7 +3,7 @@ idna==3.8 pytest==8.3.3 pytest-timer==1.0.0 pytest-timeout==2.3.1 -pylint==3.2.7 +pylint==3.3.0 randomname==0.2.1 requests-mock==1.12.1 ruff==0.6.5 From f1cf27878efbbce83068d287d62db67fddd5048c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 19:52:25 +0000 Subject: [PATCH 04/15] Bump idna from 3.8 to 3.10 Bumps [idna](https://github.com/kjd/idna) from 3.8 to 3.10. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.8...v3.10) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-dev.in b/requirements-dev.in index d72b7104..26069063 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -1,5 +1,5 @@ click==8.1.7 -idna==3.8 +idna==3.10 pytest==8.3.3 pytest-timer==1.0.0 pytest-timeout==2.3.1 diff --git a/requirements.txt b/requirements.txt index 02ceb37f..9b12d18c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,7 +22,7 @@ distro==1.9.0 # via -r requirements.in httplib2==0.22.0 # via -r requirements.in -idna==3.7 +idna==3.10 # via requests jinja2==3.1.4 # via -r requirements.in From 9403826393c6d328e0e0d70a56f43e488ce973ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 20:06:16 +0000 Subject: [PATCH 05/15] Bump ruff from 0.6.5 to 0.6.7 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.5 to 0.6.7. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.6.5...0.6.7) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 26069063..9079faa6 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -6,5 +6,5 @@ pytest-timeout==2.3.1 pylint==3.3.0 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.6.5 +ruff==0.6.7 parameterized==0.9.0 From 5a28db4d5d317c9fd6101fd06c52148fa1f35a21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 14:51:36 +0000 Subject: [PATCH 06/15] Bump ruff from 0.6.7 to 0.6.8 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.7 to 0.6.8. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.6.7...0.6.8) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 9079faa6..24b880fe 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -6,5 +6,5 @@ pytest-timeout==2.3.1 pylint==3.3.0 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.6.7 +ruff==0.6.8 parameterized==0.9.0 From 11cdff71e811ffb0e15f0d42fb2d28cfa2962435 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 10:39:03 +0000 Subject: [PATCH 07/15] Bump pylint from 3.3.0 to 3.3.1 Bumps [pylint](https://github.com/pylint-dev/pylint) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.3.0...v3.3.1) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 24b880fe..6db32384 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -3,7 +3,7 @@ idna==3.10 pytest==8.3.3 pytest-timer==1.0.0 pytest-timeout==2.3.1 -pylint==3.3.0 +pylint==3.3.1 randomname==0.2.1 requests-mock==1.12.1 ruff==0.6.8 From 262415425f189bb1d5a9371996c25c119b12c919 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:30:47 +0000 Subject: [PATCH 08/15] Bump psycopg2-binary from 2.9.9 to 2.9.10 Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.9 to 2.9.10. - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](https://github.com/psycopg/psycopg2/commits) --- updated-dependencies: - dependency-name: psycopg2-binary dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.in | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.in b/requirements.in index 2da292b5..619fc582 100644 --- a/requirements.in +++ b/requirements.in @@ -5,7 +5,7 @@ distro==1.9.0 httplib2==0.22.0 jinja2==3.1.4 omegaconf==2.3.0 -psycopg2-binary==2.9.9 +psycopg2-binary==2.9.10 pyyaml==6.0.2 requests==2.32.3 urllib3==2.2.3 diff --git a/requirements.txt b/requirements.txt index 9b12d18c..295df533 100644 --- a/requirements.txt +++ b/requirements.txt @@ -30,7 +30,7 @@ markupsafe==2.0.1 # via jinja2 omegaconf==2.3.0 # via -r requirements.in -psycopg2-binary==2.9.9 +psycopg2-binary==2.9.10 # via -r requirements.in pycparser==2.20 # via cffi From b7b4e04bb2dfb0e4c232b7ac2afa0c60263a66d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:31:11 +0000 Subject: [PATCH 09/15] Bump ruff from 0.6.8 to 0.7.0 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.8 to 0.7.0. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.6.8...0.7.0) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 6db32384..aa3176ee 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -6,5 +6,5 @@ pytest-timeout==2.3.1 pylint==3.3.1 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.6.8 +ruff==0.7.0 parameterized==0.9.0 From c22916b75a7bb28205b0e77011bafb625382aa29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:31:25 +0000 Subject: [PATCH 10/15] Bump cryptography from 43.0.1 to 43.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.1 to 43.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/43.0.1...43.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.in | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.in b/requirements.in index 2da292b5..09a2c8b4 100644 --- a/requirements.in +++ b/requirements.in @@ -1,6 +1,6 @@ backoff==2.2.1 certifi==2024.8.30 -cryptography==43.0.1 +cryptography==43.0.3 distro==1.9.0 httplib2==0.22.0 jinja2==3.1.4 diff --git a/requirements.txt b/requirements.txt index 9b12d18c..e30001c0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ cffi==1.14.4 # via cryptography charset-normalizer==2.0.3 # via requests -cryptography==43.0.1 +cryptography==43.0.3 # via -r requirements.in distro==1.9.0 # via -r requirements.in From 714913ea0f7a1a41a877d8e4d8444d62b40a62ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 14:19:36 +0000 Subject: [PATCH 11/15] Bump ruff from 0.7.0 to 0.7.2 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.7.0 to 0.7.2. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.7.0...0.7.2) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index aa3176ee..3659fcc8 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -6,5 +6,5 @@ pytest-timeout==2.3.1 pylint==3.3.1 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.7.0 +ruff==0.7.2 parameterized==0.9.0 From 802b57c7b9d3b3fe9bac6ce12590a7c44e49243a Mon Sep 17 00:00:00 2001 From: Vaibhav Kumar Date: Wed, 6 Nov 2024 17:28:37 +0530 Subject: [PATCH 12/15] Bump nginx from 1.22.1 to 1.26.1 --- dependencies.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dependencies.yml b/dependencies.yml index 7f5fae1c..a8d1a911 100644 --- a/dependencies.yml +++ b/dependencies.yml @@ -89,10 +89,10 @@ dependencies: version: 8.6.0 nginx: artifact: nginx_{{ version }}_linux_x64_{{ fs }}_{{ commit }}.tgz - commit: 909b06a9 + commit: b1316f75 fs: cflinuxfs4 cpe: cpe:2.3:a:f5:nginx:{{ version }}:*:*:*:*:*:*:* - version: 1.22.1 + version: 1.26.1 ruby: artifact: ruby/ruby_{{ version }}_linux_x64_{{ fs }}_{{ commit }}.tgz commit: 5fed98f8 From 65241c20f25147dd793f3c316f18a69400ff6456 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 11:03:31 +0000 Subject: [PATCH 13/15] Bump ruff from 0.7.2 to 0.7.3 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.7.2 to 0.7.3. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.7.2...0.7.3) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 3659fcc8..5cd98c17 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -6,5 +6,5 @@ pytest-timeout==2.3.1 pylint==3.3.1 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.7.2 +ruff==0.7.3 parameterized==0.9.0 From 66ca61b196c65f3b6458a7c212b4b290397af3ff Mon Sep 17 00:00:00 2001 From: Joey den Broeder Date: Tue, 1 Oct 2024 13:29:27 +0100 Subject: [PATCH 14/15] Update and run pre-commit --- .pre-commit-config.yaml | 7 ++++--- buildpack/core/runtime.py | 2 +- buildpack/infrastructure/database.py | 2 +- buildpack/telemetry/metrics.py | 2 +- dependencies-stage.yml | 2 +- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b4da6791..40dab12d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,12 +2,12 @@ fail_fast: false repos: - repo: https://github.com/adrienverge/yamllint.git - rev: v1.33.0 + rev: v1.35.1 hooks: - id: yamllint args: ["--format", "parsable", "--strict"] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v5.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -15,11 +15,12 @@ repos: - id: mixed-line-ending - id: check-json - id: detect-aws-credentials + args: ["--allow-missing-credentials"] - repo: https://github.com/markdownlint/markdownlint rev: v0.12.0 hooks: - id: markdownlint_docker - repo: https://github.com/charliermarsh/ruff-pre-commit - rev: 'v0.1.6' + rev: 'v0.7.3' hooks: - id: ruff diff --git a/buildpack/core/runtime.py b/buildpack/core/runtime.py index b2c5e367..a9e79c6a 100644 --- a/buildpack/core/runtime.py +++ b/buildpack/core/runtime.py @@ -185,7 +185,7 @@ def _activate_license(): """ - + license_key = os.environ.get( "FORCED_LICENSE_KEY", os.environ.get("LICENSE_KEY", None) ) diff --git a/buildpack/infrastructure/database.py b/buildpack/infrastructure/database.py index 601bbb87..f5912d90 100644 --- a/buildpack/infrastructure/database.py +++ b/buildpack/infrastructure/database.py @@ -347,7 +347,7 @@ def init(self): jdbc_params.update({"sslmode": "verify-full"}) except Exception: raise Exception("Could not find database CA certificate in map") - + if database_type == "PostgreSQL" and not self.url.startswith("jdbc:"): self.extract_inline_cert(jdbc_params, self.SSLCERT, "postgresql.crt") self.extract_inline_cert(jdbc_params, self.SSLKEY, "postgresql.pk8") diff --git a/buildpack/telemetry/metrics.py b/buildpack/telemetry/metrics.py index 876b9413..e3e24f19 100644 --- a/buildpack/telemetry/metrics.py +++ b/buildpack/telemetry/metrics.py @@ -119,7 +119,7 @@ def micrometer_metrics_enabled(runtime_version): logging.debug("micrometer for non mendix public cloud") micrometer_enabled = True return micrometer_enabled - + def configure_metrics_registry(m2ee): diff --git a/dependencies-stage.yml b/dependencies-stage.yml index d7994f9e..87ac5424 100644 --- a/dependencies-stage.yml +++ b/dependencies-stage.yml @@ -5,5 +5,5 @@ uri: https://cdn.mendix.com/mx-buildpack/python/python_3.10.14_linux_x64_cflinuxfs4_dda5228c.tgz sha256: dda5228c36196f8a7346767ad9c9ac774ec270aa55065beb8d3d052d652b9120 cf_stacks: - - cflinuxfs4 + - cflinuxfs4 source_sha256: cefea32d3be89c02436711c95a45c7f8e880105514b78680c14fe76f5709a0f6 From 3aedaa15df4d366ec139de7e9501caae2e1c7f2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:16:16 +0000 Subject: [PATCH 15/15] Bump ruff from 0.7.3 to 0.7.4 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.7.3 to 0.7.4. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.7.3...0.7.4) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.in b/requirements-dev.in index 5cd98c17..5b3a8da8 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -6,5 +6,5 @@ pytest-timeout==2.3.1 pylint==3.3.1 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.7.3 +ruff==0.7.4 parameterized==0.9.0