diff --git a/packages/postgres-database/requirements/_base.in b/packages/postgres-database/requirements/_base.in index da6c74026c1..3310b6c2b46 100644 --- a/packages/postgres-database/requirements/_base.in +++ b/packages/postgres-database/requirements/_base.in @@ -1,9 +1,6 @@ # # Specifies third-party dependencies for 'simcore-postgres-database' # - -# psycopg2-binary # enforces binary version -# sqlalchemy>=1.3.3 # https://nvd.nist.gov/vuln/detail/CVE-2019-7164 -sqlalchemy[postgresql_psycopg2binary]>=1.3.3 +sqlalchemy[postgresql_psycopg2binary]>=1.3.3 # binary + Vulnerability yarl diff --git a/packages/postgres-database/requirements/_base.txt b/packages/postgres-database/requirements/_base.txt index 574e3ed80aa..6cc71f5dcbd 100644 --- a/packages/postgres-database/requirements/_base.txt +++ b/packages/postgres-database/requirements/_base.txt @@ -2,10 +2,10 @@ # This file is autogenerated by pip-compile # To update, run: # -# make _base.txt +# pip-compile --output-file=_base.txt _base.in # idna==2.8 # via yarl multidict==4.5.2 # via yarl psycopg2-binary==2.8.4 # via sqlalchemy -sqlalchemy[postgresql_psycopg2binary]==1.3.5 -yarl==1.3.0 +sqlalchemy[postgresql_psycopg2binary]==1.3.5 # via -r _base.in +yarl==1.3.0 # via -r _base.in diff --git a/packages/postgres-database/requirements/_migration.in b/packages/postgres-database/requirements/_migration.in index 331a5cf7fb7..4758745b865 100644 --- a/packages/postgres-database/requirements/_migration.in +++ b/packages/postgres-database/requirements/_migration.in @@ -5,6 +5,7 @@ -r _base.txt certifi==2019.6.16 # added contraint to fit pre-installation of jupyter/base-notebook:python-3.7.3 (cannot uninstall) +urllib3>=1.25.8 # Vulnerability alembic click diff --git a/packages/postgres-database/requirements/_migration.txt b/packages/postgres-database/requirements/_migration.txt index 7cad6b7b0f5..d2d31466a93 100644 --- a/packages/postgres-database/requirements/_migration.txt +++ b/packages/postgres-database/requirements/_migration.txt @@ -4,22 +4,22 @@ # # pip-compile --output-file=_migration.txt _migration.in # -alembic==1.0.8 -certifi==2019.6.16 +alembic==1.0.8 # via -r _migration.in +certifi==2019.6.16 # via -r _migration.in, requests chardet==3.0.4 # via requests -click==7.0 -docker==4.0.2 -idna==2.8 +click==7.0 # via -r _migration.in +docker==4.0.2 # via -r _migration.in +idna==2.8 # via -r _base.txt, requests, yarl mako==1.0.12 # via alembic markupsafe==1.1.1 # via mako -multidict==4.5.2 -psycopg2-binary==2.8.4 +multidict==4.5.2 # via -r _base.txt, yarl +psycopg2-binary==2.8.4 # via -r _base.txt, sqlalchemy python-dateutil==2.8.0 # via alembic python-editor==1.0.4 # via alembic requests==2.22.0 # via docker six==1.12.0 # via docker, python-dateutil, tenacity, websocket-client -sqlalchemy[postgresql_psycopg2binary]==1.3.5 -tenacity==6.0.0 -urllib3==1.25.3 # via requests +sqlalchemy[postgresql_psycopg2binary]==1.3.5 # via -r _base.txt, alembic +tenacity==6.0.0 # via -r _migration.in +urllib3==1.25.8 # via -r _migration.in, requests websocket-client==0.56.0 # via docker -yarl==1.3.0 +yarl==1.3.0 # via -r _base.txt diff --git a/packages/postgres-database/requirements/_test.txt b/packages/postgres-database/requirements/_test.txt index f568029e97f..bcdcfce707b 100644 --- a/packages/postgres-database/requirements/_test.txt +++ b/packages/postgres-database/requirements/_test.txt @@ -5,63 +5,63 @@ # pip-compile --output-file=_test.txt _test.in # aiohttp==3.6.2 # via pytest-aiohttp -aiopg[sa]==1.0.0 -alembic==1.0.8 +aiopg[sa]==1.0.0 # via -r _test.in +alembic==1.0.8 # via -r _migration.txt appdirs==1.4.3 # via black astroid==2.3.3 # via pylint async-timeout==3.0.1 # via aiohttp attrs==19.3.0 # via aiohttp, black, pytest, pytest-docker -black==19.10b0 -bump2version==1.0.0 -certifi==2019.6.16 -chardet==3.0.4 -click==7.0 -coverage==4.5.1 -coveralls==1.11.1 -docker==4.0.2 +black==19.10b0 # via -r ../../../requirements.txt +bump2version==1.0.0 # via -r ../../../requirements.txt +certifi==2019.6.16 # via -r _migration.txt, requests +chardet==3.0.4 # via -r _migration.txt, aiohttp, requests +click==7.0 # via -r _migration.txt, black, pip-tools +coverage==4.5.1 # via -r _test.in, coveralls, pytest-cov +coveralls==1.11.1 # via -r _test.in +docker==4.0.2 # via -r _migration.txt docopt==0.6.2 # via coveralls -faker==4.0.1 +faker==4.0.1 # via -r _test.in idna-ssl==1.1.0 # via aiohttp -idna==2.8 +idna==2.8 # via -r _migration.txt, requests, yarl importlib-metadata==1.5.0 # via pluggy, pytest isort==4.3.21 # via pylint lazy-object-proxy==1.4.3 # via astroid -mako==1.0.12 -markupsafe==1.1.1 +mako==1.0.12 # via -r _migration.txt, alembic +markupsafe==1.1.1 # via -r _migration.txt, mako mccabe==0.6.1 # via pylint more-itertools==8.2.0 # via pytest -multidict==4.5.2 +multidict==4.5.2 # via -r _migration.txt, aiohttp, yarl packaging==20.3 # via pytest pathspec==0.7.0 # via black -pip-tools==4.5.1 +pip-tools==4.5.1 # via -r ../../../requirements.txt pluggy==0.13.1 # via pytest -psycopg2-binary==2.8.4 +psycopg2-binary==2.8.4 # via -r _migration.txt, aiopg, sqlalchemy py==1.8.1 # via pytest -pyaml==20.3.1 -pylint==2.4.4 +pyaml==20.3.1 # via -r _test.in +pylint==2.4.4 # via -r ../../../requirements.txt, -r _test.in pyparsing==2.4.6 # via packaging -pytest-aiohttp==0.3.0 -pytest-cov==2.8.1 -pytest-docker==0.7.2 -pytest-instafail==0.4.1.post0 -pytest-runner==5.2 -pytest==5.3.5 -python-dateutil==2.8.0 -python-editor==1.0.4 +pytest-aiohttp==0.3.0 # via -r _test.in +pytest-cov==2.8.1 # via -r _test.in +pytest-docker==0.7.2 # via -r _test.in +pytest-instafail==0.4.1.post0 # via -r _test.in +pytest-runner==5.2 # via -r _test.in +pytest==5.3.5 # via -r _test.in, pytest-aiohttp, pytest-cov, pytest-instafail +python-dateutil==2.8.0 # via -r _migration.txt, alembic, faker +python-editor==1.0.4 # via -r _migration.txt, alembic pyyaml==5.3 # via pyaml regex==2020.2.20 # via black -requests==2.22.0 -rope==0.16.0 -six==1.12.0 -sqlalchemy[postgresql_psycopg2binary]==1.3.5 -tenacity==6.0.0 +requests==2.22.0 # via -r _migration.txt, coveralls, docker +rope==0.16.0 # via -r ../../../requirements.txt +six==1.12.0 # via -r _migration.txt, astroid, docker, packaging, pip-tools, python-dateutil, tenacity, websocket-client +sqlalchemy[postgresql_psycopg2binary]==1.3.5 # via -r _migration.txt, aiopg, alembic +tenacity==6.0.0 # via -r _migration.txt text-unidecode==1.3 # via faker toml==0.10.0 # via black typed-ast==1.4.1 # via astroid, black typing-extensions==3.7.4.1 # via aiohttp -urllib3==1.25.3 +urllib3==1.25.8 # via -r _migration.txt, requests wcwidth==0.1.8 # via pytest -websocket-client==0.56.0 +websocket-client==0.56.0 # via -r _migration.txt, docker wrapt==1.11.2 # via astroid -yarl==1.3.0 +yarl==1.3.0 # via -r _migration.txt, aiohttp zipp==3.1.0 # via importlib-metadata diff --git a/packages/s3wrapper/requirements/_base.in b/packages/s3wrapper/requirements/_base.in index e6e939fdf64..eee06c2ad64 100644 --- a/packages/s3wrapper/requirements/_base.in +++ b/packages/s3wrapper/requirements/_base.in @@ -1,5 +1,5 @@ # # Specifies third-party dependencies for 's3wrapper' # - +urllib3>=1.25.8 minio diff --git a/packages/s3wrapper/requirements/_base.txt b/packages/s3wrapper/requirements/_base.txt index 39d97c53df5..55455e7e483 100644 --- a/packages/s3wrapper/requirements/_base.txt +++ b/packages/s3wrapper/requirements/_base.txt @@ -5,8 +5,8 @@ # pip-compile --output-file=_base.txt _base.in # certifi==2019.3.9 # via minio -minio==4.0.16 +minio==4.0.16 # via -r _base.in python-dateutil==2.8.0 # via minio pytz==2019.1 # via minio six==1.12.0 # via python-dateutil -urllib3==1.25.2 # via minio +urllib3==1.25.8 # via -r _base.in, minio diff --git a/packages/s3wrapper/requirements/_test.txt b/packages/s3wrapper/requirements/_test.txt index 27d2b40763d..e81928f8b62 100644 --- a/packages/s3wrapper/requirements/_test.txt +++ b/packages/s3wrapper/requirements/_test.txt @@ -6,33 +6,33 @@ # astroid==2.3.3 # via pylint attrs==19.3.0 # via pytest, pytest-docker -certifi==2019.3.9 +certifi==2019.3.9 # via -r _base.txt, minio, requests chardet==3.0.4 # via requests -coverage==4.5.1 -coveralls==1.11.1 +coverage==4.5.1 # via -r _test.in, coveralls, pytest-cov +coveralls==1.11.1 # via -r _test.in docopt==0.6.2 # via coveralls idna==2.9 # via requests importlib-metadata==1.5.0 # via pluggy, pytest isort==4.3.21 # via pylint lazy-object-proxy==1.4.3 # via astroid mccabe==0.6.1 # via pylint -minio==4.0.16 +minio==4.0.16 # via -r _base.txt more-itertools==8.2.0 # via pytest packaging==20.3 # via pytest pluggy==0.13.1 # via pytest py==1.8.1 # via pytest -pylint==2.4.4 +pylint==2.4.4 # via -r _test.in pyparsing==2.4.6 # via packaging -pytest-cov==2.8.1 -pytest-docker==0.7.2 -pytest-runner==5.2 -pytest==5.3.5 -python-dateutil==2.8.0 -pytz==2019.1 -requests==2.23.0 -six==1.12.0 +pytest-cov==2.8.1 # via -r _test.in +pytest-docker==0.7.2 # via -r _test.in +pytest-runner==5.2 # via -r _test.in +pytest==5.3.5 # via -r _test.in, pytest-cov +python-dateutil==2.8.0 # via -r _base.txt, minio +pytz==2019.1 # via -r _base.txt, minio +requests==2.23.0 # via -r _test.in, coveralls +six==1.12.0 # via -r _base.txt, astroid, packaging, python-dateutil typed-ast==1.4.1 # via astroid -urllib3==1.25.2 +urllib3==1.25.8 # via -r _base.txt, minio, requests wcwidth==0.1.8 # via pytest wrapt==1.11.2 # via astroid zipp==3.1.0 # via importlib-metadata diff --git a/services/director/requirements/_base.in b/services/director/requirements/_base.in index efcc79cb726..bbc1072a7b5 100644 --- a/services/director/requirements/_base.in +++ b/services/director/requirements/_base.in @@ -1,6 +1,7 @@ # # Specifies third-party dependencies for 'director' # +urllib3>=1.25.8 # Vulnerability pyyaml>=5.3 # Vulnerable aiohttp diff --git a/services/director/requirements/_base.txt b/services/director/requirements/_base.txt index a8c843ac05f..7b75d5a67a4 100644 --- a/services/director/requirements/_base.txt +++ b/services/director/requirements/_base.txt @@ -4,22 +4,22 @@ # # pip-compile --output-file=_base.txt _base.in # -aiodocker==0.14.0 -aiohttp==3.3.2 -git+https://github.com/ITISFoundation/aiohttp_apiset.git@fixes_4_osparc#egg=aiohttp_apiset +aiodocker==0.14.0 # via -r _base.in +aiohttp==3.3.2 # via -r _base.in, aiodocker, aiohttp-apiset +git+https://github.com/ITISFoundation/aiohttp_apiset.git@fixes_4_osparc#egg=aiohttp_apiset # via -r _base.in async-generator==1.10 # via asyncio-extras async-timeout==3.0.1 # via aiohttp -asyncio-extras==1.3.2 +asyncio-extras==1.3.2 # via -r _base.in attrs==19.1.0 # via aiohttp certifi==2019.3.9 # via requests chardet==3.0.4 # via aiohttp, requests idna-ssl==1.1.0 # via aiohttp idna==2.8 # via idna-ssl, requests, yarl -jsonschema==2.6.0 +jsonschema==2.6.0 # via aiohttp-apiset multidict==4.5.2 # via aiohttp, yarl -pyyaml==5.3 -requests==2.22.0 +pyyaml==5.3 # via -r _base.in, aiohttp-apiset +requests==2.22.0 # via -r _base.in six==1.12.0 # via tenacity -tenacity==6.0.0 -urllib3==1.25.2 # via requests +tenacity==6.0.0 # via -r _base.in +urllib3==1.25.8 # via -r _base.in, requests yarl==1.3.0 # via aiodocker, aiohttp diff --git a/services/director/requirements/_test.in b/services/director/requirements/_test.in index a6892d520d2..7e9f2b6d5c4 100644 --- a/services/director/requirements/_test.in +++ b/services/director/requirements/_test.in @@ -5,7 +5,6 @@ # frozen specs -r _base.txt - # testing coverage==4.5.1 # TODO: Downgraded because of a bug https://github.com/nedbat/coveragepy/issues/716 pytest diff --git a/services/director/requirements/_test.txt b/services/director/requirements/_test.txt index cf6c1f43067..9b56465a6e8 100644 --- a/services/director/requirements/_test.txt +++ b/services/director/requirements/_test.txt @@ -4,53 +4,53 @@ # # pip-compile --output-file=_test.txt _test.in # -aiodocker==0.14.0 -aiohttp==3.3.2 -git+https://github.com/ITISFoundation/aiohttp_apiset.git@fixes_4_osparc#egg=aiohttp_apiset +aiodocker==0.14.0 # via -r _base.txt +aiohttp==3.3.2 # via -r _base.txt, aiodocker, aiohttp-apiset, pytest-aiohttp +git+https://github.com/ITISFoundation/aiohttp_apiset.git@fixes_4_osparc#egg=aiohttp_apiset # via -r _base.txt astroid==2.3.3 # via pylint -async-generator==1.10 -async-timeout==3.0.1 -asyncio-extras==1.3.2 -attrs==19.1.0 -certifi==2019.3.9 -chardet==3.0.4 -codecov==2.0.16 -coverage==4.5.1 -coveralls==1.11.1 -docker==4.2.0 +async-generator==1.10 # via -r _base.txt, asyncio-extras +async-timeout==3.0.1 # via -r _base.txt, aiohttp +asyncio-extras==1.3.2 # via -r _base.txt +attrs==19.1.0 # via -r _base.txt, aiohttp, pytest +certifi==2019.3.9 # via -r _base.txt, requests +chardet==3.0.4 # via -r _base.txt, aiohttp, requests +codecov==2.0.16 # via -r _test.in +coverage==4.5.1 # via -r _test.in, codecov, coveralls, pytest-cov +coveralls==1.11.1 # via -r _test.in +docker==4.2.0 # via -r _test.in docopt==0.6.2 # via coveralls -idna-ssl==1.1.0 -idna==2.8 +idna-ssl==1.1.0 # via -r _base.txt, aiohttp +idna==2.8 # via -r _base.txt, idna-ssl, requests, yarl importlib-metadata==1.5.0 # via pluggy, pytest isort==4.3.21 # via pylint -jsonschema==2.6.0 +jsonschema==2.6.0 # via -r _base.txt, aiohttp-apiset, openapi-spec-validator lazy-object-proxy==1.4.3 # via astroid mccabe==0.6.1 # via pylint more-itertools==8.2.0 # via pytest -multidict==4.5.2 -openapi-spec-validator==0.2.8 +multidict==4.5.2 # via -r _base.txt, aiohttp, yarl +openapi-spec-validator==0.2.8 # via -r _test.in packaging==20.3 # via pytest, pytest-sugar pluggy==0.13.1 # via pytest -ptvsd==4.3.2 +ptvsd==4.3.2 # via -r _test.in py==1.8.1 # via pytest -pylint==2.4.4 +pylint==2.4.4 # via -r _test.in pyparsing==2.4.6 # via packaging -pytest-aiohttp==0.3.0 -pytest-cov==2.8.1 -pytest-instafail==0.4.1.post0 -pytest-mock==2.0.0 -pytest-runner==5.2 -pytest-sugar==0.9.2 -pytest==5.3.5 -pyyaml==5.3 -requests==2.22.0 -six==1.12.0 -tenacity==6.0.0 +pytest-aiohttp==0.3.0 # via -r _test.in +pytest-cov==2.8.1 # via -r _test.in +pytest-instafail==0.4.1.post0 # via -r _test.in +pytest-mock==2.0.0 # via -r _test.in +pytest-runner==5.2 # via -r _test.in +pytest-sugar==0.9.2 # via -r _test.in +pytest==5.3.5 # via -r _test.in, pytest-aiohttp, pytest-cov, pytest-instafail, pytest-mock, pytest-sugar +pyyaml==5.3 # via -r _base.txt, aiohttp-apiset, openapi-spec-validator +requests==2.22.0 # via -r _base.txt, codecov, coveralls, docker +six==1.12.0 # via -r _base.txt, astroid, docker, openapi-spec-validator, packaging, tenacity, websocket-client +tenacity==6.0.0 # via -r _base.txt termcolor==1.1.0 # via pytest-sugar typed-ast==1.4.1 # via astroid -urllib3==1.25.2 +urllib3==1.25.8 # via -r _base.txt, requests wcwidth==0.1.8 # via pytest websocket-client==0.57.0 # via docker wrapt==1.11.2 # via astroid -yarl==1.3.0 +yarl==1.3.0 # via -r _base.txt, aiodocker, aiohttp zipp==3.1.0 # via importlib-metadata diff --git a/services/sidecar/requirements/_base.in b/services/sidecar/requirements/_base.in index c26893d6171..7f488cfa53b 100644 --- a/services/sidecar/requirements/_base.in +++ b/services/sidecar/requirements/_base.in @@ -2,7 +2,7 @@ # Specifies third-party dependencies for 'sidecar' # - +urllib3>=1.25.8 # Vulnerability sqlalchemy>=1.3.3 # https://nvd.nist.gov/vuln/detail/CVE-2019-7164 psycopg2-binary # enforces binary version - http://initd.org/psycopg/docs/install.html#binary-install-from-pypi diff --git a/services/sidecar/requirements/_base.txt b/services/sidecar/requirements/_base.txt index 6a75a91b8be..f01e03a3474 100644 --- a/services/sidecar/requirements/_base.txt +++ b/services/sidecar/requirements/_base.txt @@ -2,28 +2,28 @@ # This file is autogenerated by pip-compile # To update, run: # -# make _base.txt +# pip-compile --output-file=_base.txt _base.in # amqp==2.4.2 # via kombu billiard==3.6.0.0 # via celery -celery==4.3.0 +celery==4.3.0 # via -r _base.in certifi==2019.3.9 # via minio, requests chardet==3.0.4 # via requests decorator==4.4.0 # via networkx docker-pycreds==0.4.0 # via docker -docker==3.7.2 +docker==3.7.2 # via -r _base.in idna==2.8 # via requests -kombu==4.5.0 -minio==4.0.16 -networkx==2.3 -pika==1.0.1 -psycopg2-binary==2.8.4 +kombu==4.5.0 # via -r _base.in, celery +minio==4.0.16 # via -r _base.in +networkx==2.3 # via -r _base.in +pika==1.0.1 # via -r _base.in +psycopg2-binary==2.8.4 # via -r _base.in python-dateutil==2.8.0 # via minio pytz==2019.1 # via celery, minio requests==2.22.0 # via docker six==1.12.0 # via docker, docker-pycreds, python-dateutil, tenacity, websocket-client -sqlalchemy==1.3.3 -tenacity==6.0.0 -urllib3==1.25.2 # via minio, requests +sqlalchemy==1.3.3 # via -r _base.in +tenacity==6.0.0 # via -r _base.in +urllib3==1.25.8 # via -r _base.in, minio, requests vine==1.3.0 # via amqp, celery websocket-client==0.56.0 # via docker diff --git a/services/sidecar/requirements/_test.txt b/services/sidecar/requirements/_test.txt index 7642f90312b..6d4b68a5700 100644 --- a/services/sidecar/requirements/_test.txt +++ b/services/sidecar/requirements/_test.txt @@ -4,54 +4,54 @@ # # pip-compile --output-file=_test.txt _test.in # -aiopg==1.0.0 -amqp==2.4.2 +aiopg==1.0.0 # via -r _test.in +amqp==2.4.2 # via -r _base.txt, kombu astroid==2.3.3 # via pylint attrs==19.3.0 # via pytest, pytest-docker -billiard==3.6.0.0 -celery==4.3.0 -certifi==2019.3.9 -chardet==3.0.4 -coverage==4.5.1 -coveralls==1.11.1 -decorator==4.4.0 -docker-pycreds==0.4.0 -docker==3.7.2 +billiard==3.6.0.0 # via -r _base.txt, celery +celery==4.3.0 # via -r _base.txt +certifi==2019.3.9 # via -r _base.txt, minio, requests +chardet==3.0.4 # via -r _base.txt, requests +coverage==4.5.1 # via -r _test.in, coveralls, pytest-cov +coveralls==1.11.1 # via -r _test.in +decorator==4.4.0 # via -r _base.txt, networkx +docker-pycreds==0.4.0 # via -r _base.txt, docker +docker==3.7.2 # via -r _base.txt docopt==0.6.2 # via coveralls -idna==2.8 +idna==2.8 # via -r _base.txt, requests importlib-metadata==1.5.0 # via pluggy, pytest isort==4.3.21 # via pylint -kombu==4.5.0 +kombu==4.5.0 # via -r _base.txt, celery lazy-object-proxy==1.4.3 # via astroid mccabe==0.6.1 # via pylint -minio==4.0.16 +minio==4.0.16 # via -r _base.txt more-itertools==8.2.0 # via pytest -networkx==2.3 +networkx==2.3 # via -r _base.txt packaging==20.3 # via pytest, pytest-sugar -pika==1.0.1 +pika==1.0.1 # via -r _base.txt pluggy==0.13.1 # via pytest -psycopg2-binary==2.8.4 -ptvsd==4.3.2 +psycopg2-binary==2.8.4 # via -r _base.txt, aiopg +ptvsd==4.3.2 # via -r _test.in py==1.8.1 # via pytest -pylint==2.4.4 +pylint==2.4.4 # via -r _test.in pyparsing==2.4.6 # via packaging -pytest-cov==2.8.1 -pytest-docker==0.7.2 -pytest-instafail==0.4.1.post0 -pytest-mock==2.0.0 -pytest-sugar==0.9.2 -pytest==5.3.5 -python-dateutil==2.8.0 -pytz==2019.1 -requests==2.22.0 -six==1.12.0 -sqlalchemy==1.3.3 -tenacity==6.0.0 +pytest-cov==2.8.1 # via -r _test.in +pytest-docker==0.7.2 # via -r _test.in +pytest-instafail==0.4.1.post0 # via -r _test.in +pytest-mock==2.0.0 # via -r _test.in +pytest-sugar==0.9.2 # via -r _test.in +pytest==5.3.5 # via -r _test.in, pytest-cov, pytest-instafail, pytest-mock, pytest-sugar +python-dateutil==2.8.0 # via -r _base.txt, minio +pytz==2019.1 # via -r _base.txt, celery, minio +requests==2.22.0 # via -r _base.txt, coveralls, docker +six==1.12.0 # via -r _base.txt, astroid, docker, docker-pycreds, packaging, python-dateutil, tenacity, websocket-client +sqlalchemy==1.3.3 # via -r _base.txt +tenacity==6.0.0 # via -r _base.txt termcolor==1.1.0 # via pytest-sugar typed-ast==1.4.1 # via astroid -urllib3==1.25.2 -vine==1.3.0 +urllib3==1.25.8 # via -r _base.txt, minio, requests +vine==1.3.0 # via -r _base.txt, amqp, celery wcwidth==0.1.8 # via pytest -websocket-client==0.56.0 +websocket-client==0.56.0 # via -r _base.txt, docker wrapt==1.11.2 # via astroid zipp==3.1.0 # via importlib-metadata diff --git a/services/storage/requirements/_base.in b/services/storage/requirements/_base.in index c03fa1ea766..3a9e32c0435 100644 --- a/services/storage/requirements/_base.in +++ b/services/storage/requirements/_base.in @@ -6,8 +6,8 @@ -r ../../../packages/postgres-database/requirements/_base.in -r ../../../packages/service-library/requirements/_base.in - -urllib3~=1.24.2 # See https://nvd.nist.gov/vuln/detail/CVE-2019-11324 +psutil>=5.6.6 # Vulnerability https://github.com/advisories/GHSA-qfc5-mcwq-26q8 +urllib3>=1.25.8 # Vulnerability psycopg2-binary~=2.8.4 # See http://initd.org/psycopg/docs/install.html#binary-install-from-pypi sqlalchemy~=1.3.3 # https://nvd.nist.gov/vuln/detail/CVE-2019-7164 boto3==1.9.252 # do not use lastest version, this would require botocore<1.13.0,>=1.12.179 but aiobotocore[boto3]==0.10.2 hardcodes boto3==1.9.91 that requires botocore<1.12.92,>=1.12.91 diff --git a/services/storage/requirements/_base.txt b/services/storage/requirements/_base.txt index 2fedd32e722..22dcf691780 100644 --- a/services/storage/requirements/_base.txt +++ b/services/storage/requirements/_base.txt @@ -4,18 +4,18 @@ # # pip-compile --output-file=_base.txt _base.in # -aioboto3==6.4.1 +aioboto3==6.4.1 # via -r _base.in aiobotocore[boto3]==0.10.4 # via aioboto3 -aiofiles==0.4.0 -aiohttp==3.6.2 -aiopg[sa]==1.0.0 -aiozipkin==0.6.0 +aiofiles==0.4.0 # via -r _base.in +aiohttp==3.6.2 # via -r ../../../packages/service-library/requirements/_base.in, -r _base.in, aiobotocore, aiozipkin +aiopg[sa]==1.0.0 # via -r ../../../packages/service-library/requirements/_base.in, -r _base.in +aiozipkin==0.6.0 # via -r ../../../packages/service-library/requirements/_base.in apipkg==1.5 # via execnet async-generator==1.10 # via aiobotocore async-timeout==3.0.1 # via aiohttp -attrs==19.1.0 -blackfynn==2.11.1 -boto3==1.9.252 +attrs==19.1.0 # via -r ../../../packages/service-library/requirements/_base.in, aiohttp, jsonschema, openapi-core +blackfynn==2.11.1 # via -r _base.in +boto3==1.9.252 # via -r _base.in, aiobotocore, blackfynn botocore==1.12.252 # via aiobotocore, boto3, s3transfer certifi==2019.3.9 # via requests chardet==3.0.4 # via aiohttp, requests @@ -23,47 +23,47 @@ configparser==3.7.4 # via blackfynn deprecated==1.2.5 # via blackfynn docopt==0.6.2 # via blackfynn docutils==0.15.2 # via botocore -execnet==1.6.0 +execnet==1.6.0 # via -r _base.in future==0.17.1 # via blackfynn idna-ssl==1.1.0 # via aiohttp idna==2.8 # via idna-ssl, requests, yarl importlib-metadata==1.3.0 # via jsonschema isodate==0.6.0 # via openapi-core jmespath==0.9.4 # via boto3, botocore -jsonschema==3.2.0 +jsonschema==3.2.0 # via -r ../../../packages/service-library/requirements/_base.in, openapi-spec-validator lazy-object-proxy==1.4.3 # via openapi-core -marshmallow==2.19.2 +marshmallow==2.19.2 # via -r _base.in more-itertools==8.0.2 # via zipp multidict==4.5.2 # via aiohttp, yarl -numpy==1.16.3 -openapi-core==0.12.0 +numpy==1.16.3 # via -r python-with-pandas_89f709.txt, blackfynn, pandas +openapi-core==0.12.0 # via -r ../../../packages/service-library/requirements/_base.in openapi-spec-validator==0.2.8 # via openapi-core -pandas==0.24.2 -prometheus-client==0.7.1 +pandas==0.24.2 # via -r python-with-pandas_89f709.txt, blackfynn +prometheus-client==0.7.1 # via -r ../../../packages/service-library/requirements/_base.in protobuf==3.2.0 # via blackfynn -psutil==5.6.2 # via blackfynn -psycopg2-binary==2.8.4 +psutil==5.7.0 # via -r _base.in, blackfynn +psycopg2-binary==2.8.4 # via -r ../../../packages/service-library/requirements/_base.in, -r _base.in, aiopg, sqlalchemy pyrsistent==0.15.6 # via jsonschema -python-dateutil==2.8.0 -pytz==2019.1 -pyyaml==5.3 +python-dateutil==2.8.0 # via -r python-with-pandas_89f709.txt, botocore, pandas +pytz==2019.1 # via -r python-with-pandas_89f709.txt, blackfynn, pandas +pyyaml==5.3 # via -r ../../../packages/service-library/requirements/_base.in, openapi-spec-validator, trafaret-config requests==2.22.0 # via blackfynn s3transfer==0.2.1 # via boto3 -semantic-version==2.6.0 +semantic-version==2.6.0 # via -r _base.in semver==2.8.1 # via blackfynn -six==1.12.0 -sqlalchemy[postgresql_psycopg2binary]==1.3.3 +six==1.12.0 # via -r python-with-pandas_89f709.txt, isodate, jsonschema, openapi-core, openapi-spec-validator, protobuf, pyrsistent, python-dateutil, tenacity, websocket-client +sqlalchemy[postgresql_psycopg2binary]==1.3.3 # via -r ../../../packages/postgres-database/requirements/_base.in, -r ../../../packages/service-library/requirements/_base.in, -r _base.in, aiopg strict-rfc3339==0.7 # via openapi-core -tenacity==6.0.0 -trafaret-config==2.0.2 -trafaret==1.2.0 +tenacity==6.0.0 # via -r ../../../packages/service-library/requirements/_base.in, -r _base.in +trafaret-config==2.0.2 # via -r _base.in +trafaret==1.2.0 # via -r ../../../packages/service-library/requirements/_base.in, -r _base.in, trafaret-config typing-extensions==3.7.2 # via aiohttp -ujson==1.35 -urllib3==1.24.3 +ujson==1.35 # via -r ../../../packages/service-library/requirements/_base.in +urllib3==1.25.8 # via -r _base.in, botocore, requests websocket-client==0.56.0 # via blackfynn -werkzeug==0.16.0 +werkzeug==0.16.0 # via -r ../../../packages/service-library/requirements/_base.in wrapt==1.11.2 # via aiobotocore, deprecated -yarl==1.3.0 +yarl==1.3.0 # via -r ../../../packages/postgres-database/requirements/_base.in, aiohttp zipp==0.6.0 # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: diff --git a/services/storage/requirements/_test.txt b/services/storage/requirements/_test.txt index c21d3c56559..f518a63a2a9 100644 --- a/services/storage/requirements/_test.txt +++ b/services/storage/requirements/_test.txt @@ -4,95 +4,95 @@ # # pip-compile --output-file=_test.txt _test.in # -aioboto3==6.4.1 -aiobotocore[boto3]==0.10.4 -aiofiles==0.4.0 -aiohttp==3.6.2 -aiopg[sa]==1.0.0 -aiozipkin==0.6.0 -apipkg==1.5 +aioboto3==6.4.1 # via -r _base.txt +aiobotocore[boto3]==0.10.4 # via -r _base.txt, aioboto3 +aiofiles==0.4.0 # via -r _base.txt +aiohttp==3.6.2 # via -r _base.txt, aiobotocore, aiozipkin, pytest-aiohttp +aiopg[sa]==1.0.0 # via -r _base.txt +aiozipkin==0.6.0 # via -r _base.txt +apipkg==1.5 # via -r _base.txt, execnet appdirs==1.4.3 # via virtualenv astroid==2.3.3 # via pylint -async-generator==1.10 -async-timeout==3.0.1 -attrs==19.1.0 -blackfynn==2.11.1 -boto3==1.9.252 -botocore==1.12.252 -certifi==2019.3.9 -chardet==3.0.4 -codecov==2.0.16 -configparser==3.7.4 -coverage==4.5.1 -coveralls==1.11.1 -deprecated==1.2.5 +async-generator==1.10 # via -r _base.txt, aiobotocore +async-timeout==3.0.1 # via -r _base.txt, aiohttp +attrs==19.1.0 # via -r _base.txt, aiohttp, jsonschema, openapi-core, pytest, pytest-docker +blackfynn==2.11.1 # via -r _base.txt +boto3==1.9.252 # via -r _base.txt, aiobotocore, blackfynn +botocore==1.12.252 # via -r _base.txt, aiobotocore, boto3, s3transfer +certifi==2019.3.9 # via -r _base.txt, requests +chardet==3.0.4 # via -r _base.txt, aiohttp, requests +codecov==2.0.16 # via -r _test.in +configparser==3.7.4 # via -r _base.txt, blackfynn +coverage==4.5.1 # via -r _test.in, codecov, coveralls, pytest-cov +coveralls==1.11.1 # via -r _test.in +deprecated==1.2.5 # via -r _base.txt, blackfynn distlib==0.3.0 # via virtualenv -docopt==0.6.2 -docutils==0.15.2 -execnet==1.6.0 +docopt==0.6.2 # via -r _base.txt, blackfynn, coveralls +docutils==0.15.2 # via -r _base.txt, botocore +execnet==1.6.0 # via -r _base.txt filelock==3.0.12 # via virtualenv -future==0.17.1 -idna-ssl==1.1.0 -idna==2.8 -importlib-metadata==1.3.0 +future==0.17.1 # via -r _base.txt, blackfynn +idna-ssl==1.1.0 # via -r _base.txt, aiohttp +idna==2.8 # via -r _base.txt, idna-ssl, requests, yarl +importlib-metadata==1.3.0 # via -r _base.txt, importlib-resources, jsonschema, pluggy, pytest, virtualenv importlib-resources==1.3.1 # via virtualenv -isodate==0.6.0 +isodate==0.6.0 # via -r _base.txt, openapi-core isort==4.3.21 # via pylint -jmespath==0.9.4 -jsonschema==3.2.0 -lazy-object-proxy==1.4.3 -marshmallow==2.19.2 +jmespath==0.9.4 # via -r _base.txt, boto3, botocore +jsonschema==3.2.0 # via -r _base.txt, openapi-spec-validator +lazy-object-proxy==1.4.3 # via -r _base.txt, astroid, openapi-core +marshmallow==2.19.2 # via -r _base.txt mccabe==0.6.1 # via pylint -more-itertools==8.0.2 -multidict==4.5.2 -numpy==1.16.3 -openapi-core==0.12.0 -openapi-spec-validator==0.2.8 +more-itertools==8.0.2 # via -r _base.txt, pytest, zipp +multidict==4.5.2 # via -r _base.txt, aiohttp, yarl +numpy==1.16.3 # via -r _base.txt, blackfynn, pandas +openapi-core==0.12.0 # via -r _base.txt +openapi-spec-validator==0.2.8 # via -r _base.txt, openapi-core packaging==20.3 # via pytest, pytest-sugar -pandas==0.24.2 +pandas==0.24.2 # via -r _base.txt, blackfynn pluggy==0.13.1 # via pytest -prometheus-client==0.7.1 -protobuf==3.2.0 -psutil==5.6.2 -psycopg2-binary==2.8.4 -ptvsd==4.3.2 +prometheus-client==0.7.1 # via -r _base.txt +protobuf==3.2.0 # via -r _base.txt, blackfynn +psutil==5.7.0 # via -r _base.txt, blackfynn +psycopg2-binary==2.8.4 # via -r _base.txt, aiopg, sqlalchemy +ptvsd==4.3.2 # via -r _test.in py==1.8.1 # via pytest -pylint==2.4.4 +pylint==2.4.4 # via -r _test.in pyparsing==2.4.6 # via packaging -pyrsistent==0.15.6 -pytest-aiohttp==0.3.0 -pytest-cov==2.8.1 -pytest-docker==0.7.2 -pytest-instafail==0.4.1.post0 -pytest-mock==2.0.0 -pytest-runner==5.2 -pytest-sugar==0.9.2 -pytest==5.3.5 -python-dateutil==2.8.0 -pytz==2019.1 -pyyaml==5.3 -requests==2.22.0 -s3transfer==0.2.1 -semantic-version==2.6.0 -semver==2.8.1 -six==1.12.0 -sqlalchemy[postgresql_psycopg2binary]==1.3.3 -strict-rfc3339==0.7 -tenacity==6.0.0 +pyrsistent==0.15.6 # via -r _base.txt, jsonschema +pytest-aiohttp==0.3.0 # via -r _test.in +pytest-cov==2.8.1 # via -r _test.in +pytest-docker==0.7.2 # via -r _test.in +pytest-instafail==0.4.1.post0 # via -r _test.in +pytest-mock==2.0.0 # via -r _test.in +pytest-runner==5.2 # via -r _test.in +pytest-sugar==0.9.2 # via -r _test.in +pytest==5.3.5 # via -r _test.in, pytest-aiohttp, pytest-cov, pytest-instafail, pytest-mock, pytest-sugar +python-dateutil==2.8.0 # via -r _base.txt, botocore, pandas +pytz==2019.1 # via -r _base.txt, blackfynn, pandas +pyyaml==5.3 # via -r _base.txt, openapi-spec-validator, trafaret-config +requests==2.22.0 # via -r _base.txt, blackfynn, codecov, coveralls +s3transfer==0.2.1 # via -r _base.txt, boto3 +semantic-version==2.6.0 # via -r _base.txt +semver==2.8.1 # via -r _base.txt, blackfynn +six==1.12.0 # via -r _base.txt, astroid, isodate, jsonschema, openapi-core, openapi-spec-validator, packaging, protobuf, pyrsistent, python-dateutil, tenacity, virtualenv, websocket-client +sqlalchemy[postgresql_psycopg2binary]==1.3.3 # via -r _base.txt, aiopg +strict-rfc3339==0.7 # via -r _base.txt, openapi-core +tenacity==6.0.0 # via -r _base.txt termcolor==1.1.0 # via pytest-sugar -trafaret-config==2.0.2 -trafaret==1.2.0 +trafaret-config==2.0.2 # via -r _base.txt +trafaret==1.2.0 # via -r _base.txt, trafaret-config typed-ast==1.4.1 # via astroid -typing-extensions==3.7.2 -ujson==1.35 -urllib3==1.24.3 -virtualenv==20.0.10 +typing-extensions==3.7.2 # via -r _base.txt, aiohttp +ujson==1.35 # via -r _base.txt +urllib3==1.25.8 # via -r _base.txt, botocore, requests +virtualenv==20.0.10 # via -r _test.in wcwidth==0.1.8 # via pytest -websocket-client==0.56.0 -werkzeug==0.16.0 -wrapt==1.11.2 -yarl==1.3.0 -zipp==0.6.0 +websocket-client==0.56.0 # via -r _base.txt, blackfynn +werkzeug==0.16.0 # via -r _base.txt +wrapt==1.11.2 # via -r _base.txt, aiobotocore, astroid, deprecated +yarl==1.3.0 # via -r _base.txt, aiohttp +zipp==0.6.0 # via -r _base.txt, importlib-metadata, importlib-resources # The following packages are considered to be unsafe in a requirements file: # setuptools