From e9add7cd2ffcfca23875465e24f8b62f31a53ce7 Mon Sep 17 00:00:00 2001
From: Judy Ng <njud@amazon.com>
Date: Mon, 19 Feb 2024 11:24:21 -0500
Subject: [PATCH] Update readme to add attribution step, update attribution doc
 (#313)

Signed-off-by: Judy Ng <njud@amazon.com>
---
 DEVELOPMENT.md                                |   9 +-
 .../attributions/npm-python-attributions.txt  | 161 ++++++++++++++++--
 2 files changed, 157 insertions(+), 13 deletions(-)

diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index 0be9594b..ea28dde2 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -28,12 +28,15 @@ When working on the project, you may need to add/change a dependency.
 
 ### Product Dependencies
 To add a product dependency, you should add the dependency with a specified version to the `requirements.in` file, 
-and generate `requirements.txt` using [pip-tools](https://github.com/jazzband/pip-tools),
-which is part of dev dependencies (`requirements-dev.txt`)
+and generate `requirements.txt` using `pip-compile` from [pip-tools](https://github.com/jazzband/pip-tools),
+which is part of dev dependencies (`requirements-dev.txt`). Then update the attribution document in
+`frontend/resources/attributions/npm-python-attributions.txt` in the "Python third party dependencies" section 
+accordingly with the new versions or dependencies from `requirements.txt`.
 
 When changing a dependency in the frontend project you should add/Change it in `frontend/package.json`,
 re-generate `frontend/package-lock.json` with `npm install` 
-and update the attribution document in `frontend/resources/attributions/npm-python-attributions.txt` accordingly.
+and update the attribution document in `frontend/resources/attributions/npm-python-attributions.txt` accordingly
+in the "Javascript third party dependencies" section.
 
 ### Dev Dependencies
 To add/change a development dependencies, you can directly change `requirements-dev.txt`.
diff --git a/frontend/resources/attributions/npm-python-attributions.txt b/frontend/resources/attributions/npm-python-attributions.txt
index f3e173c0..f0aef0a8 100644
--- a/frontend/resources/attributions/npm-python-attributions.txt
+++ b/frontend/resources/attributions/npm-python-attributions.txt
@@ -3747,7 +3747,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ******************************
 
 next
-12.2.0 <https://github.com/vercel/next.js>
+13.5.1 <https://github.com/vercel/next.js>
 The MIT License (MIT)
 
 Copyright (c) 2022 Vercel, Inc.
@@ -3774,7 +3774,7 @@ SOFTWARE.
 ******************************
 
 next-transpile-modules
-9.0.0 <https://github.com/martpie/next-transpile-modules>
+10.0.1 <https://github.com/martpie/next-transpile-modules>
 The MIT License (MIT)
 
 Copyright (c) 2018 Pierre de la Martinière
@@ -5202,7 +5202,7 @@ Python third party dependencies
 -----
 
 Flask
-2.1.2
+2.3.3
 BSD License
 Copyright 2010 Pallets
 
@@ -5246,7 +5246,7 @@ The above copyright notice and this permission notice shall be included in all c
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 Jinja2
-3.1.2
+3.1.3
 BSD License
 Copyright 2007 Pallets
 
@@ -5337,7 +5337,7 @@ SOFTWARE.
 
 
 Werkzeug
-2.2.3
+2.3.8
 BSD License
 Copyright 2007 Pallets
 
@@ -5395,6 +5395,31 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
 
+blinker
+1.7.0
+MIT License
+
+Copyright 2010 Jason Kirtland
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
 boto3
 1.24.30
 Apache Software License
@@ -5785,7 +5810,7 @@ DEALINGS IN THE SOFTWARE.
 
 
 certifi
-2022.12.7
+2023.7.22
 Mozilla Public License 2.0 (MPL 2.0)
 This package contains a modified version of ca-bundle.crt:
 
@@ -5810,6 +5835,33 @@ one at http://mozilla.org/MPL/2.0/.
 @(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $
 
 
+cffi
+1.16.0
+MIT License
+
+Copyright (C) 2005-2007, James Bielman  <jamesjb@jamesjb.com>
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use, copy,
+modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+
 charset-normalizer
 2.1.1
 MIT License
@@ -5868,6 +5920,38 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
+cryptography
+42.0.2
+BSD License
+Copyright (c) Individual contributors.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    3. Neither the name of PyCA Cryptography nor the names of its contributors
+       may be used to endorse or promote products derived from this software
+       without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
 ecdsa
 0.18.0
 MIT
@@ -5897,6 +5981,31 @@ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 OTHER DEALINGS IN THE SOFTWARE.
 
 
+exceptiongroup
+1.1.1
+MIT License
+The MIT License (MIT)
+
+Copyright (c) 2022 Alex Grönholm
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
 idna
 3.4
 BSD License
@@ -6328,7 +6437,39 @@ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE. 
+POSSIBILITY OF SUCH DAMAGE.
+
+
+pycparser
+2.21
+BSD License
+pycparser -- A C parser in Python
+
+Copyright (c) 2008-2022, Eli Bendersky
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+* Neither the name of the copyright holder nor the names of its contributors may
+  be used to endorse or promote products derived from this software without
+  specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
 pyproject_hooks
@@ -6358,7 +6499,7 @@ THE SOFTWARE.
 
 
 pytest
-7.1.2
+7.2.2
 MIT License
 The MIT License (MIT)
 
@@ -6495,7 +6636,7 @@ SOFTWARE.
 
 
 requests
-2.28.1
+2.31.0
 Apache Software License
 
                                  Apache License
@@ -6949,7 +7090,7 @@ SOFTWARE.
 
 
 urllib3
-1.26.15
+1.26.18
 MIT License
 MIT License