From 39cd7272f0b37e3cda29596edbeab72c35f72b5f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 14 Jan 2025 21:56:16 +0000
Subject: [PATCH] Update all dependencies
---
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/mega-linter.yml | 8 ++++----
 .github/workflows/scorecard.yml | 4 ++--
 Dockerfile | 4 ++--
 pyproject.toml | 10 +++++-----
 5 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 80d59132..eb37e3a1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -21,7 +21,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -29,11 +29,11 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Initialize CodeQL
- uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+ uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
 with:
 languages: "python"
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+ uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
 with:
 category: "/language:python"
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 8ce68759..307f193c 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 # Git Checkout
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -51,7 +51,7 @@ jobs:
 # Upload MegaLinter artifacts
 - name: Archive production artifacts
 if: ${{ success() || failure() }}
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: MegaLinter reports
 path: |
@@ -62,7 +62,7 @@ jobs:
 - name: Create Pull Request with applied fixes
 id: cpr
 if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
- uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+ uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
 with:
 token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
 commit-message: "[MegaLinter] Apply linters automatic fixes"
@@ -80,7 +80,7 @@ jobs:
 run: sudo chown -Rc $UID .git/
 - name: Commit and push applied linter fixes
 if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
- uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
+ uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
 with:
 branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
 commit_message: "[MegaLinter] Apply linters fixes"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ddca6898..5d913e6a 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -26,7 +26,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -44,6 +44,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+ uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
 with:
 sarif_file: results.sarif
diff --git a/Dockerfile b/Dockerfile
index 739255b4..c191d786 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM cgr.dev/chainguard/python:latest-dev@sha256:912ce75048fac19785891f3ab53f4ccd3ac714d920aaf6e5f8919bb25e109126 AS builder
+FROM cgr.dev/chainguard/python:latest-dev@sha256:dbcd193ea7b2796c18df81352cfe1468754527ace62e1619af924c363df1aa8f AS builder
 ENV PATH=$PATH:/home/nonroot/.local/bin
@@ -10,7 +10,7 @@ ENV PATH=/home/nonroot/.local/bin:$PATH
 RUN wget -q -O - https://install.python-poetry.org | python -
 RUN poetry install --no-root;
-FROM cgr.dev/chainguard/python:latest@sha256:2d14d0505ffe2d03b1cef2675dec60b3d1da3576732a127249058655cecf64dc
+FROM cgr.dev/chainguard/python:latest@sha256:be8b29da444bc888f920593b21978b70ec49facfe2ffd24a91c8c3c7084100f5
 USER nonroot
 ENV DB_HOST localhost
 ENV DB_NAME postgres
diff --git a/pyproject.toml b/pyproject.toml
index 9d23e1eb..ed490bed 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -10,16 +10,16 @@ readme = "README.md"
 python = "^3.12"
 fastapi = "0.115.6"
 psycopg2-binary = "2.9.10"
-pydantic = "2.10.3"
-sqlalchemy = "2.0.36"
-uvicorn = "0.32.1"
+pydantic = "2.10.5"
+sqlalchemy = "2.0.37"
+uvicorn = "0.34.0"
 requests = "2.32.3"
-certifi = "2024.8.30"
+certifi = "2024.12.14"
 cvss = "3.3"
 defusedxml = "0.7.1"
 packageurl-python = "0.16.0"
 idna = "3.10"
-starlette = "0.41.3"
+starlette = "0.45.2"
 [build-system]
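Review bot: The new `starlette = "0.45.2"` pin looks incompatible with the unchanged `fastapi = "0.115.6"` pin a few lines above it in this hunk. As far as I recall, that FastAPI release declares `starlette >=0.40.0,<0.42.0`, so the resolver would either reject this pair or, if the constraint is overridden, run FastAPI on a Starlette version it was not released against; please confirm against FastAPI's published metadata. If that holds, either keep Starlette inside the declared range or raise `fastapi` in the same change to a release whose range admits 0.45.x. The diffstat shows no lock file in this commit and the Dockerfile context runs `poetry install --no-root`, so it is worth checking that the image build still resolves exactly these pins.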