Bump several deps. (#5079)

ICTU · Dec 19, 2022 · c2298cd · c2298cd
1 parent fef4c1f
commit c2298cd
Show file tree

Hide file tree

Showing 54 changed files with 1,452 additions and 1,383 deletions.
diff --git a/.github/workflows/application-tests.yml b/.github/workflows/application-tests.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v3.2.0
       - name: Run application tests
         env:
           QUALITY_TIME_VERSION: v4.7.0-rc.4

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -35,7 +35,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3.1.0
+      uses: actions/checkout@v3.2.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/external_server.yml b/.github/workflows/external_server.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/feature-tests-quality.yml b/.github/workflows/feature-tests-quality.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/feature-tests.yml b/.github/workflows/feature-tests.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v3.2.0
       - name: Set up Python
         uses: actions/setup-python@v4
         with:

diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
@@ -12,7 +12,7 @@ jobs:
         node-version: [16.x, 18.x]
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Use Node.js ${{ matrix.node-version }}
       uses: actions/[email protected]
       with:

diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -22,7 +22,7 @@ jobs:
           - component: testdata
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Hadolint ${{ matrix.component }}
       uses: hadolint/[email protected]
       with:

diff --git a/.github/workflows/internal_server.yml b/.github/workflows/internal_server.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/notifier.yml b/.github/workflows/notifier.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v3.2.0
       - name: Get release version from the pushed tag
         id: get_version
         uses: battila7/get-version-action@v2

diff --git a/.github/workflows/shared_data_model.yml b/.github/workflows/shared_data_model.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/shared_python.yml b/.github/workflows/shared_python.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
     - name: Set up Python
       uses: actions/setup-python@v4
       with:

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -13,7 +13,7 @@ jobs:
     env:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
     steps:
-    - uses: actions/checkout@v3.1.0
+    - uses: actions/checkout@v3.2.0
       if: env.SONAR_TOKEN != null
       with:
         fetch-depth: 0  # Disabling shallow clone is recommended for improving relevancy of reporting

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -37,7 +37,7 @@ jobs:
             docker_file: internal_server/Dockerfile
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v3.2.0
 
       - name: Build image from Dockerfile
         run: |

diff --git a/components/collector/ci/quality.sh b/components/collector/ci/quality.sh
@@ -18,8 +18,9 @@ run () {
 run mypy src
 run pylint --rcfile=../../.pylintrc src tests
 run python -m flake8 --select=DUO src  # Dlint
-run pip-audit --strict --progress-spinner=off -r requirements/requirements-base.txt -r requirements/requirements.txt -r requirements/requirements-dev.txt
+run pip-audit --strict --progress-spinner=off --ignore-vuln=GHSA-hcpj-qp55-gfph -r requirements/requirements-base.txt -r requirements/requirements.txt -r requirements/requirements-dev.txt  # Ignore https://github.com/gitpython-developers/GitPython/issues/1515
 run safety check --bare --ignore 41002 -r requirements/requirements-base.txt -r requirements/requirements.txt -r requirements/requirements-dev.txt  # See https://github.com/nedbat/coveragepy/issues/1200
 run bandit --quiet --recursive src/
 NAMES_TO_IGNORE='Anchore*,Axe*,AzureDevops*,Bandit*,Calendar*,Cloc*,Cobertura*,Composer*,CxSAST*,Gatling*,Generic*,GitLab*,Jacoco*,Jenkins*,Jira*,JMeter*,JUnit*,ManualNumber*,NCover*,Npm*,OJAudit*,OpenVAS*,OWASPDependencyCheck*,OWASPZAP*,PerformanceTestRunner*,Pip*,PyupioSafety*,QualityTime*,RobotFramework*,SARIF*,Snyk*,SonarQube*,Trello*'
 run vulture --min-confidence 0 --ignore-names $NAMES_TO_IGNORE src/ tests/ .vulture_ignore_list.py
+
diff --git a/components/collector/requirements/requirements-base.txt b/components/collector/requirements/requirements-base.txt
@@ -20,9 +20,9 @@ pep517==0.12.0 \
     --hash=sha256:931378d93d11b298cf511dd634cf5ea4cb249a28ef84160b3247ee9afb4e8ab0 \
     --hash=sha256:dd884c326898e2c6e11f9e0b64940606a93eb10ea022a2e067959f3a110cf161
     # via build
-pip-tools==6.11.0 \
-    --hash=sha256:64a6b66887c270705a9006a10023eb4c893e9bf66c306bdcb4440541b367c057 \
-    --hash=sha256:90c5dc150e3856e4463b81ccc99307ccf9554e5db8393eb273705cb0b8f71c60
+pip-tools==6.12.1 \
+    --hash=sha256:88efb7b29a923ffeac0713e6f23ef8529cc6175527d42b93f73756cc94387293 \
+    --hash=sha256:f0c0c0ec57b58250afce458e2e6058b1f30a4263db895b7d72fd6311bf1dc6f7
     # via -r ../../../requirements/base.in
 pyparsing==3.0.9 \
     --hash=sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb \

diff --git a/components/collector/requirements/requirements-dev.in b/components/collector/requirements/requirements-dev.in
@@ -1,3 +1,3 @@
 -r ../../../requirements/dev.in
 types-beautifulsoup4==4.11.6.1
-types-python-dateutil==2.8.19.4
+types-python-dateutil==2.8.19.5