ASFHyP3 · asjohnston-asf · Feb 23, 2024 · Feb 13, 2024 · Feb 14, 2024 · Feb 14, 2024
@@ -6,39 +6,16 @@ on:
       - main
 
 jobs:
-  add-release-template-comment:
-    runs-on: ubuntu-latest
-    name: Add a comment with the release template
-    steps:
-      - uses: actions/[email protected]
-
-      - name: Comment PR
-        uses: thollander/actions-comment-pull-request@v2
-        with:
-          message: |
-            ### Developer checklist
-
-            - [ ] Indicated the level of changes to this package by affixing one of these labels:
-              * major -- Major changes to the API that may break current workflows
-              * minor -- Minor changes to the API that do not break current workflows
-              * patch -- Patches and bugfixes for the current version that do not break current workflows
-              * bumpless -- Changes to documentation, CI/CD pipelines, etc. that don't affect the software's version
-            - [ ] (If applicable) Updated the dependencies and indicated any downstream changes that are required
-            - [ ] Added/updated documentation for these changes
-            - [ ] Added/updated tests for these changes
-            - [ ] If the step function code has changed, have you drained the job queue before merging?
-
-              * For example, if the interface for a Lambda function has changed to expect different input,
-                then currently running jobs (which use the old step function definition) will call the new
-                function with the old input. So we must drain the job queue before deployment, so that the new
-                function is only called by the new step function definition.
-
-            ### Reviewer checklist
-
-            - [ ] Have all dependencies been updated?
-            - [ ] Is the level of changes labeled appropriately?
-            - [ ] Are all the changes described appropriately in `CHANGELOG.md`?
-            - [ ] Has the documentation been adequately updated?
-            - [ ] Are the tests adequate?
-
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  call-release-checklist-workflow:
+    uses: ASFHyP3/actions/.github/workflows/[email protected]
+    permissions:
+      pull-requests: write
+    with:
+      additional_developer_items: |
+        - [ ] If the step function code has changed, have you drained the job queue before merging?
+          * For example, if the interface for a Lambda function has changed to expect different input,
+            then currently running jobs (which use the old step function definition) will call the new
+            function with the old input. So we must drain the job queue before deployment, so that the new
+            function is only called by the new step function definition.
+    secrets:
+      USER_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.1.1]
+
+### Changed
+- Upgraded to `cryptography==42.0.4`. Fixes CVE-2024-26130.
+
 ## [6.1.0]
 
 ### Added

@@ -5,16 +5,16 @@
 -r requirements-apps-start-execution-worker.txt
 -r requirements-apps-disable-private-dns.txt
 -r requirements-apps-update-db.txt
-boto3==1.34.40
+boto3==1.34.47
 jinja2==3.1.3
-moto[dynamodb]==5.0.1
-pytest==8.0.0
+moto[dynamodb]==5.0.2
+pytest==8.0.1
 PyYAML==6.0.1
-responses==0.24.1
+responses==0.25.0
 flake8==7.0.0
 flake8-import-order==0.18.2
 flake8-blind-except==0.2.1
 flake8-builtins==2.2.0
 setuptools==69.1.0
 openapi-spec-validator==0.7.1
-cfn-lint==0.85.1
+cfn-lint==0.85.2
@@ -1 +1 @@
-cryptography==42.0.2
+cryptography==42.0.4
@@ -1,13 +1,12 @@
 flask==2.2.5
 Flask-Cors==4.0.0
 jsonschema==4.21.1
-# TODO convert this pin back to the normal format after the next PyPI release
-openapi-core @ git+https://github.com/python-openapi/[email protected]
+openapi-core==0.19.0
 prance==23.6.21.0
 PyJWT==2.8.0
 requests==2.31.0
 serverless_wsgi==3.0.3
-shapely==2.0.2
+shapely==2.0.3
 strict-rfc3339==0.7
 Werkzeug==3.0.1
 ./lib/dynamo/
@@ -1 +1 @@
-boto3==1.34.40
+boto3==1.34.47
@@ -1,3 +1,3 @@
-boto3==1.34.40
+boto3==1.34.47
 ./lib/dynamo/
 ./lib/lambda_logging/
@@ -1,2 +1,2 @@
-boto3==1.34.40
+boto3==1.34.47
 ./lib/lambda_logging/