From 8cda938a5c08dc574ed00d1845519400f622f723 Mon Sep 17 00:00:00 2001
From: Motti Saroka
Date: Tue, 27 Feb 2024 22:08:15 +0200
Subject: [PATCH 1/3] Handle high and med vulnerabilities
---
 src/gprofiler/requirements.txt | 2 +-
 src/gprofiler_flamedb_rest/common/go.mod | 4 ++--
 src/gprofiler_logging/requirements.txt | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/gprofiler/requirements.txt b/src/gprofiler/requirements.txt
index 0e42af7c..03a98adf 100644
--- a/src/gprofiler/requirements.txt
+++ b/src/gprofiler/requirements.txt
@@ -10,5 +10,5 @@ cachetools==5.2.0
 pyhumps==3.8.0
 cmp-version==3.0.0
 setproctitle==1.2.3
-fastapi[all]==0.78.0
+fastapi[all]==0.109.1
 gunicorn==20.1.0
diff --git a/src/gprofiler_flamedb_rest/common/go.mod b/src/gprofiler_flamedb_rest/common/go.mod
index 8b0253e5..2c3ec923 100644
--- a/src/gprofiler_flamedb_rest/common/go.mod
+++ b/src/gprofiler_flamedb_rest/common/go.mod
@@ -26,8 +26,8 @@ require (
 github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 github.com/ugorji/go/codec v1.2.11 // indirect
 golang.org/x/arch v0.3.0 // indirect
- golang.org/x/crypto v0.9.0 // indirect
- golang.org/x/net v0.10.0 // indirect
+ golang.org/x/crypto v0.17.0 // indirect
+ golang.org/x/net v0.17.0 // indirect
 golang.org/x/sys v0.8.0 // indirect
 golang.org/x/text v0.9.0 // indirect
 google.golang.org/protobuf v1.30.0 // indirect
diff --git a/src/gprofiler_logging/requirements.txt b/src/gprofiler_logging/requirements.txt
index ba7c52f2..d17c7e19 100644
--- a/src/gprofiler_logging/requirements.txt
+++ b/src/gprofiler_logging/requirements.txt
@@ -3,9 +3,9 @@
 # This software and the related documents are Intel copyrighted materials, and your use of them is governed by the express license under which they were provided to you ("License"). Unless the License provides otherwise, you may not use, modify, copy, publish, distribute, disclose or transmit this software or the related documents without Intel's prior written permission.
 # This software and the related documents are provided as is, with no express or implied warranties, other than those that are expressly stated in the License.
-fastapi[all]==0.99.0
+fastapi[all]==0.109.1
 aiofiles==0.5.0
 python-json-logger==2.0.1
-orjson==3.6.3
+orjson==3.9.15
 cachetools==4.2.4
 types-orjson==3.6.2
From c484da55d580f4f4822275c6b433c72688332e7d Mon Sep 17 00:00:00 2001
From: Leonid Fonaryov
Date: Thu, 29 Feb 2024 10:34:24 +0200
Subject: [PATCH 2/3] all dependencies updated to fix vulnerabilities
---
 deploy/https_nginx.conf | 4 ++--
 src/gprofiler-dev/postgres_requirements.txt | 2 +-
 src/gprofiler-dev/requirements.txt | 14 +++++++-------
 src/gprofiler/Dockerfile | 2 +-
 src/gprofiler/README.md | 2 +-
 src/gprofiler/frontend/index.html | 2 +-
 src/gprofiler/requirements.txt | 13 +++++++------
 src/gprofiler_logging/Dockerfile | 2 +-
 src/gprofiler_logging/requirements.txt | 10 ++++++----
 9 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/deploy/https_nginx.conf b/deploy/https_nginx.conf
index 6efa9c0f..1c58afa9 100644
--- a/deploy/https_nginx.conf
+++ b/deploy/https_nginx.conf
@@ -14,7 +14,7 @@ http {
 }
 # HTTPS server
- limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=1r/s;
+# limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=10r/s;
 server {
 listen 443 ssl;
@@ -42,7 +42,7 @@ http {
 auth_basic "Username and password is required";
 auth_basic_user_file /etc/nginx/.htpasswd;
 proxy_pass http://webapp;
- limit_req zone=ratelimit;
+# limit_req zone=ratelimit;
 }
 }
 }
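Review bot: Commenting out `limit_req_zone` in the first https_nginx.conf hunk and `limit_req` in the second disables request throttling on the HTTPS server whose `location` is guarded by `auth_basic` and `/etc/nginx/.htpasswd`, so credential guessing against that endpoint is no longer rate-limited, and nothing in the commit message ("all dependencies updated to fix vulnerabilities") explains why a hardening control is being removed. The commented-out replacement also raises the rate from `1r/s` to `10r/s`, which reads as an intent to relax the limit rather than drop it. If 1r/s was too strict, keep both directives active at the new rate and let short bursts queue instead of being rejected: `limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=10r/s;` and `limit_req zone=ratelimit burst=20 nodelay;`. If the limit really has to go, a one-line comment next to the disabled directive stating the reason would save the next reader from re-enabling it blindly. The enclosing `http {}` and `server {}` blocks start and end outside both hunks.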
diff --git a/src/gprofiler-dev/postgres_requirements.txt b/src/gprofiler-dev/postgres_requirements.txt
index 57a02856..6964f725 100644
--- a/src/gprofiler-dev/postgres_requirements.txt
+++ b/src/gprofiler-dev/postgres_requirements.txt
@@ -4,4 +4,4 @@
 # This software and the related documents are provided as is, with no express or implied warranties, other than those that are expressly stated in the License.
 psycopg2-binary==2.9.9
-pydantic[email]==1.8.2
+pydantic[email]==1.10.14
diff --git a/src/gprofiler-dev/requirements.txt b/src/gprofiler-dev/requirements.txt
index c7e47a30..7a33c1ae 100644
--- a/src/gprofiler-dev/requirements.txt
+++ b/src/gprofiler-dev/requirements.txt
@@ -3,12 +3,12 @@
 # This software and the related documents are Intel copyrighted materials, and your use of them is governed by the express license under which they were provided to you ("License"). Unless the License provides otherwise, you may not use, modify, copy, publish, distribute, disclose or transmit this software or the related documents without Intel's prior written permission.
 # This software and the related documents are provided as is, with no express or implied warranties, other than those that are expressly stated in the License.
-boto3==1.17.24
-botocore==1.20.24
-terminaltables==3.1.0
-requests~=2.27.0
-python-json-logger==2.0.1
-psutil==5.8.0
+boto3==1.34.25
+botocore==1.34.25
+terminaltables==3.1.10
+requests~=2.31.0
+python-json-logger==2.0.7
+psutil==5.9.8
 backoff==1.10.0
 monotonic==1.6
-simplejson==3.17.6
+simplejson==3.19.2
diff --git a/src/gprofiler/Dockerfile b/src/gprofiler/Dockerfile
index e8093754..7b3ce16b 100644
--- a/src/gprofiler/Dockerfile
+++ b/src/gprofiler/Dockerfile
@@ -14,7 +14,7 @@ RUN yarn --cwd /frontend/ install
 COPY gprofiler/frontend /frontend
 RUN yarn build
-FROM python:3.10-bullseye
+FROM python:3.12-bullseye
 WORKDIR /usr/src/app
 EXPOSE 80
diff --git a/src/gprofiler/README.md b/src/gprofiler/README.md
index 5fa0052d..dd546411 100644
--- a/src/gprofiler/README.md
+++ b/src/gprofiler/README.md
@@ -2,7 +2,7 @@
 ## Running the backend locally
 ### Pre-requisites
-- Python 3.10 or higher is installed on your machine.
+- Python 3.12 or higher is installed on your machine.
 - Running `deploy/docker-compose.yml` without the webapp service - that way you will be covered with all the dependencies, like databases and other services.
 Now we need to install the dependencies:
diff --git a/src/gprofiler/frontend/index.html b/src/gprofiler/frontend/index.html
index ae8598af..deb57ba2 100644
--- a/src/gprofiler/frontend/index.html
+++ b/src/gprofiler/frontend/index.html
@@ -5,7 +5,7 @@ - + gProfiler
diff --git a/src/gprofiler/requirements.txt b/src/gprofiler/requirements.txt
index 03a98adf..6558bf78 100644
--- a/src/gprofiler/requirements.txt
+++ b/src/gprofiler/requirements.txt
@@ -4,11 +4,12 @@
 # This software and the related documents are provided as is, with no express or implied warranties, other than those that are expressly stated in the License.
 gprofiler_dev[postgres]
-PyYAML==6.0
-jsonschema==4.6.0
-cachetools==5.2.0
+PyYAML==6.0.1
+jsonschema==4.21.1
+cachetools==5.3.2
 pyhumps==3.8.0
 cmp-version==3.0.0
-setproctitle==1.2.3
-fastapi[all]==0.109.1
-gunicorn==20.1.0
+setproctitle==1.3.3
+fastapi==0.109.0
+uvicorn==0.27.0
+gunicorn==21.2.0
diff --git a/src/gprofiler_logging/Dockerfile b/src/gprofiler_logging/Dockerfile
index f51817c2..afe66dcd 100644
--- a/src/gprofiler_logging/Dockerfile
+++ b/src/gprofiler_logging/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.10
+FROM python:3.12
 WORKDIR /app
 EXPOSE 80
diff --git a/src/gprofiler_logging/requirements.txt b/src/gprofiler_logging/requirements.txt
index d17c7e19..9a0a573c 100644
--- a/src/gprofiler_logging/requirements.txt
+++ b/src/gprofiler_logging/requirements.txt
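Review bot: `fastapi==0.109.0` in the src/gprofiler/requirements.txt hunk pins a release older than the `fastapi[all]==0.109.1` that PATCH 1/3 of this same series introduced under the heading "Handle high and med vulnerabilities", so the series as applied lands on a FastAPI that the first commit had deliberately moved past; the src/gprofiler_logging/requirements.txt hunk in this commit makes the identical downgrade. Dropping the `[all]` extra also silently removes every transitive package it used to pull in (only `uvicorn` is re-added explicitly), so anything else the services import from that set is now resolved implicitly and unpinned, which undercuts the point of an exact-pin requirements file. Suggest `fastapi==0.109.1` (or a later release) in both files, plus explicit pins for whichever former `[all]` extras the code actually uses. I cannot tell from the diff which extras those are, so that list needs to be checked against the services' imports before merging.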
@@ -3,9 +3,11 @@
 # This software and the related documents are Intel copyrighted materials, and your use of them is governed by the express license under which they were provided to you ("License"). Unless the License provides otherwise, you may not use, modify, copy, publish, distribute, disclose or transmit this software or the related documents without Intel's prior written permission.
 # This software and the related documents are provided as is, with no express or implied warranties, other than those that are expressly stated in the License.
-fastapi[all]==0.109.1
-aiofiles==0.5.0
-python-json-logger==2.0.1
+pydantic[email]==1.10.14
+fastapi==0.109.0
+uvicorn==0.27.0
+aiofiles==23.2.1
+python-json-logger==2.0.7
 orjson==3.9.15
-cachetools==4.2.4
+cachetools==5.3.2
 types-orjson==3.6.2
From a5fde2e43b417210b06daf2332663cebd6835f80 Mon Sep 17 00:00:00 2001
From: Leonid Fonaryov
Date: Thu, 29 Feb 2024 10:42:07 +0200
Subject: [PATCH 3/3] fixed yarn.lock
---
 src/gprofiler/frontend/yarn.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gprofiler/frontend/yarn.lock b/src/gprofiler/frontend/yarn.lock
index d0eb3a53..3aa1e16e 100644
--- a/src/gprofiler/frontend/yarn.lock
+++ b/src/gprofiler/frontend/yarn.lock
@@ -2133,9 +2133,9 @@ find-root@^1.1.0:
 resolved "https://registry.yarnpkg.com/find-root/-/find-root-1.1.0.tgz#abcfc8ba76f708c42a97b3d685b7e9450bfb9ce4"
 integrity sha512-NKfW6bec6GfKc0SGx1e07QZY9PE99u0Bft/0rzSD5k3sO/vwkVUpDUKVm5Gpp5Ue3YfShPFTX2070tDs5kB9Ng==
-"flame-chart-js@ssh://git@github.com:Granulate/gflame.git":
+flame-chart-js@Granulate/flame-chart-js.git:
 version "3.1.0"
- resolved "ssh://git@github.com:Granulate/gflame.git#cbead371f4f88843a37e91830edcbb5a3abcf20c"
+ resolved "https://codeload.github.com/Granulate/flame-chart-js/tar.gz/cbead371f4f88843a37e91830edcbb5a3abcf20c"
 dependencies:
 color "^3.1.3"
 events "^3.2.0"