From fbc2610d230035a685d2bafb22ee3492884e76b4 Mon Sep 17 00:00:00 2001
From: zaha
Date: Fri, 12 Apr 2024 16:03:09 +0300
Subject: [PATCH] Updating packages with vulnerabilities (#7713)
---
 .github/workflows/schedule.yml | 8 +++++---
 cvat-cli/requirements/base.txt | 2 +-
 cvat-sdk/requirements/base.txt | 2 +-
 cvat/requirements/base.in | 4 ++--
 docker-compose.yml | 2 +-
 helm-chart/values.yaml | 2 +-
 site/content/en/docs/contributing/running-tests.md | 4 ++--
 tests/python/requirements.txt | 2 +-
 utils/dataset_manifest/requirements.in | 2 +-
 utils/dicom_converter/requirements.txt | 2 +-
 10 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/schedule.yml b/.github/workflows/schedule.yml
index 2c1989b829aa..5f4f11131989 100644
--- a/.github/workflows/schedule.yml
+++ b/.github/workflows/schedule.yml
@@ -153,9 +153,11 @@ jobs:
 - name: OPA tests
 run: |
- curl -L -o opa https://openpolicyagent.org/downloads/v0.45.0/opa_linux_amd64_static
- chmod +x ./opa
- ./opa test cvat/apps/iam/rules
+ python cvat/apps/iam/rules/tests/generate_tests.py \
+ --output-dir cvat/apps/iam/rules/
+
+ docker compose run --rm -v "$PWD/cvat/apps/iam/rules/:/mnt/rules" \
+ cvat_opa test /mnt/rules
 - name: REST API and SDK tests
 run: |
diff --git a/cvat-cli/requirements/base.txt b/cvat-cli/requirements/base.txt
index 42f6811cd379..9201d315846e 100644
--- a/cvat-cli/requirements/base.txt
+++ b/cvat-cli/requirements/base.txt
@@ -1,3 +1,3 @@
 cvat-sdk~=2.12.0
-Pillow>=10.1.0
+Pillow>=10.3.0
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/cvat-sdk/requirements/base.txt b/cvat-sdk/requirements/base.txt
index 87f26e21ed1d..42582413d19d 100644
--- a/cvat-sdk/requirements/base.txt
+++ b/cvat-sdk/requirements/base.txt
@@ -2,7 +2,7 @@
 attrs >= 21.4.0
 packaging >= 21.3
-Pillow >= 10.1.0
+Pillow >= 10.3.0
 platformdirs >= 2.1.0
 tqdm >= 4.64.0
 tuspy == 0.2.5 # have it pinned, because SDK has lots of patched TUS code
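Review bot: The bind mount in the new `docker compose run` line is read-write, although `opa test` only needs to read the policies and the generated tests; appending `:ro`, as in `-v "$PWD/cvat/apps/iam/rules/:/mnt/rules:ro"`, keeps the container from altering the checkout. Running the tests through the `cvat_opa` service ties CI to the image tag in docker-compose.yml and drops the `curl` download of the OPA binary, which had no checksum verification. `docker compose run` also starts any services `cvat_opa` depends on, so `--no-deps` may be worth adding if the service declares some; that part of the compose file is not visible here. The step sits inside a job whose definition starts and ends outside the hunk.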
diff --git a/cvat/requirements/base.in b/cvat/requirements/base.in
index e187d2327dda..063eb8e4a2e1 100644
--- a/cvat/requirements/base.in
+++ b/cvat/requirements/base.in
@@ -22,7 +22,7 @@ django-filter==2.4.0
 django-health-check>=3.18.1,<4
 django-rq==2.8.1
 django-sendfile2==0.7.0
-Django~=4.2.1
+Django~=4.2.7
 djangorestframework~=3.14.0
 drf-spectacular==0.26.2
 furl==2.1.0
@@ -36,7 +36,7 @@ opencv-python-headless~=4.8
 patool==1.12
 pdf2image==1.14.0
-Pillow>=10.1.0
+Pillow>=10.3.0
 psutil==5.9.4
 psycopg2-binary==2.9.5
 python-ldap==3.4.3
diff --git a/docker-compose.yml b/docker-compose.yml
index 371ec0b923b1..98eb20219c0f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -274,7 +274,7 @@ services:
 cvat_opa:
 container_name: cvat_opa
- image: openpolicyagent/opa:0.45.0-rootless
+ image: openpolicyagent/opa:0.63.0
 restart: always
 networks:
 cvat:
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index d6f5de34289d..6ce3305242c1 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -180,7 +180,7 @@ cvat:
 opa:
 replicas: 1
 image: openpolicyagent/opa
- tag: 0.45.0-rootless
+ tag: 0.63.0
 imagePullPolicy: IfNotPresent
 labels: {}
 # test: test
diff --git a/site/content/en/docs/contributing/running-tests.md b/site/content/en/docs/contributing/running-tests.md
index 6079279a989b..e6e68f6f85f4 100644
--- a/site/content/en/docs/contributing/running-tests.md
+++ b/site/content/en/docs/contributing/running-tests.md
@@ -213,13 +213,13 @@ python cvat/apps/iam/rules/tests/generate_tests.py \
 - In a Docker container
 ```bash
 docker run --rm -v ${PWD}/cvat/apps/iam/rules:/rules \
- openpolicyagent/opa:0.45.0-rootless \
+ openpolicyagent/opa:0.63.0 \
 test /rules -v
 ```
 - or execute OPA directly
 ```bash
-curl -L -o opa https://openpolicyagent.org/downloads/v0.45.0/opa_linux_amd64_static
+curl -L -o opa https://openpolicyagent.org/downloads/v0.63.0/opa_linux_amd64_static
 chmod +x ./opa
 ./opa test cvat/apps/iam/rules
 ```
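Review bot: Only `cvat/requirements/base.in`, which looks like a pip-compile style input, is changed for `Django~=4.2.7` and `Pillow>=10.3.0`; the diffstat lists no compiled requirements file under `cvat/requirements/`, so the installed versions move only if the existing pins already satisfy the new floors or are regenerated separately. The same applies to the second hunk of this file and to `utils/dataset_manifest/requirements.in` later in the patch. It is worth confirming that the compiled files resolve to the patched releases. A short comment next to each raised floor, such as `# floor raised to avoid a reported vulnerability (#7713)`, would keep it from being relaxed later.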
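Review bot: The new tag drops the `-rootless` suffix together with the version change, so the container's user now depends on the image default rather than on an explicitly rootless variant; the same happens at `tag: 0.63.0` in helm-chart/values.yaml. As far as I know, upstream OPA images have run as a non-root user by default since 0.50.0, which would make this equivalent, but nothing in the visible lines enforces it. A comment on the image line, for example `# OPA >= 0.50 images are non-root by default; -rootless suffix no longer needed`, would record why the suffix went away once that is confirmed. The `cvat_opa` service definition continues outside the hunk, so an existing `user:` setting cannot be ruled out.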
diff --git a/tests/python/requirements.txt b/tests/python/requirements.txt
index d2cf925ed155..bb1eb57048ab 100644
--- a/tests/python/requirements.txt
+++ b/tests/python/requirements.txt
@@ -6,7 +6,7 @@ pytest-cov==4.1.0
 requests==2.31.0
 deepdiff==5.6.0
 boto3==1.17.61
-Pillow==10.2.0
+Pillow==10.3.0
 python-dateutil==2.8.2
 pyyaml==6.0.0
 numpy==1.22.0
\ No newline at end of file
diff --git a/utils/dataset_manifest/requirements.in b/utils/dataset_manifest/requirements.in
index 92f53d42bb9b..eee82885f7c5 100644
--- a/utils/dataset_manifest/requirements.in
+++ b/utils/dataset_manifest/requirements.in
@@ -1,5 +1,5 @@
 av==9.2.0 # Pinned for the whole CVAT
 natsort>=8.0.0
 opencv-python-headless>=4.4.0.42
-Pillow>=10.1.0
+Pillow>=10.3.0
 tqdm>=4.58.0
diff --git a/utils/dicom_converter/requirements.txt b/utils/dicom_converter/requirements.txt
index 22d0c2b1f367..22e73fc1692a 100644
--- a/utils/dicom_converter/requirements.txt
+++ b/utils/dicom_converter/requirements.txt
@@ -1,4 +1,4 @@
 numpy==1.22.0
-Pillow==10.2.0
+Pillow==10.3.0
 pydicom==2.1.2
 tqdm==4.60.0