dependencies: fix security issues
* Bumps dependencies.

Co-Authored-by: Peter Weber <[email protected]>
rerowep committed Nov 23, 2023
1 parent ba7d577 commit 619144e
Showing 7 changed files with 1,044 additions and 1,020 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/continuous-integration-test.yml
Original file line number Diff line number Diff line change
@@ -18,7 +18,7 @@ jobs:
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: '12'
node-version: '14'

- name: Docker compose up
run: docker-compose up -d
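Review bot: moving `node-version` from '12' to '14' in the setup-node step still lands on an end-of-life Node.js line (14 left maintenance in April 2023, before this commit's date), so for a commit titled "fix security issues" it only trades one unsupported runtime for another. Move to a supported LTS line unless the frontend build is known to break there, and in that case leave a comment next to `node-version` saying why 14 is required.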
@@ -51,7 +51,7 @@ jobs:
poetry run ./scripts/bootstrap --ci --deploy E2E=yes
- name: Run Test
run: poetry run ./run-tests.sh
run: poetry run ./scripts/test

# - name: Upload Coverage ${{ matrix.tests }}
# if: ${{ matrix.dependencies == 'locked' }}
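Review bot: the `Upload Coverage` step below the renamed `Run Test` step stays commented out, so the coverage the test script produces is never published from CI; either restore the upload step alongside this change or delete the dead block so the workflow does not carry it around.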
2 changes: 1 addition & 1 deletion CONTRIBUTING.rst
@@ -101,7 +101,7 @@ Ready to contribute? Here's how to set up `rero-ebooks` for local development.

.. code-block:: console
$ ./run-tests.sh
$ ./scripts/test
The tests will provide you with test coverage and also check PEP8
(code style), PEP257 (documentation), flake8 as well as build the Sphinx
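Review bot: the documented command `$ ./scripts/test` exits immediately for a contributor who is not already inside the virtualenv, because the script itself (see the `scripts/test` hunk in this commit) bails out unless `VIRTUAL_ENV` is set and tells the user to run `poetry run ./scripts/test`. Document that invocation here, and the same for the `E2E=yes` variant in INSTALL.rst, so the docs and the script's own error message agree.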
4 changes: 2 additions & 2 deletions INSTALL.rst
@@ -97,14 +97,14 @@ Run the test suite via the provided script:

.. code-block:: console
$ ./run-tests.sh
$ ./scripts/test
By default, end-to-end tests are skipped. You can include the E2E tests like
this:

.. code-block:: console
$ env E2E=yes ./run-tests.sh
$ env E2E=yes ./scripts/test
For more information about end-to-end testing see `pytest-invenio
<https://pytest-invenio.readthedocs.io/en/latest/usage.html#running-e2e-tests>`_
2,012 changes: 1,015 additions & 997 deletions poetry.lock


31 changes: 16 additions & 15 deletions pyproject.toml
@@ -29,7 +29,6 @@ uwsgitop = ">=0.11"

## Third party invenio modules used by RERO EBOOKS
# TODO: needed for `parameter from` fix.
invenio-oaiserver = { git = "https://github.com/rerowep/invenio-oaiserver.git", branch = "wep-fix-from" }
invenio-oaiharvester = { git = "https://github.com/inveniosoftware/invenio-oaiharvester.git", tag = "v1.0.0a4" }
invenio-search = {version = ">=2.1.0,<3.0.0", extras = ["elasticsearch7"]}

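Review bot: the `# TODO: needed for `parameter from` fix.` comment is left dangling once the forked `invenio-oaiserver` git source beneath it is removed; either delete the comment or move it next to the new `invenio-oaiserver = ">=2.2.0,<2.3.0"` line with a note that the released version carries the fix. While here, `invenio-oaiharvester` is still pulled from GitHub by tag (`v1.0.0a4`, a pre-release): a tag is not an immutable reference, so check that poetry.lock records the resolved commit hash and prefer a PyPI release if one is available.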
@@ -43,22 +42,23 @@ invenio-i18n = ">=2.0.0,<3.0.0"
invenio-db = {version = ">=1.0.14,<1.1.0", extras = ["postgresql"]}
# Invenio base bundle
invenio-admin = ">=1.4.0,<1.5.0"
invenio-assets = ">=2.0.0,<3.0.0"
invenio-formatter = ">=1.2.0,<1.3.0"
invenio-logging = {version = ">=1.3.2,<1.4.0", extras = ["sentry-sdk"]}
invenio-mail = ">=1.0.2,<1.1.0"
invenio-rest = ">=1.2.8,<1.3.0"
# invenio-assets = ">=3.0.0,<4.0.0" # error patch-package 6.5.1 semantic-ui-less
invenio-assets = ">=1.0.0,<3.0.0"
invenio-formatter = ">=2.0.0,<3.0.0"
invenio-logging = {version = ">=2.0.0,<3.0.0"}
invenio-mail = ">=2.0.0,<3.0.0"
invenio-rest = ">=1.3.0,<1.4.0"
invenio-theme = ">=2.0.0,<3.0.0"
# Invenio auth bundle
invenio-access = ">=1.4.4,<1.5.0"
invenio-accounts = ">=2.1.0,<2.2.0"
invenio-oauth2server = ">=2.0.0,<2.1.0"
invenio-oauthclient = ">=2.2.0,<3.0.0"
invenio-userprofiles = ">=2.2.0,<2.3.0"
invenio-access = ">=2.0.0,<3.0.0"
invenio-accounts = ">=3.0.0,<4.0.0"
invenio-oauth2server = ">=2.0.0,<3.0.0"
invenio-oauthclient = ">=3.0.0,<4.0.0"
invenio-userprofiles = ">=2.2.0,<3.0.0"
# Invenio metadata bundle
invenio-indexer = ">=2.1.0,<2.2.0"
invenio-indexer = ">=2.2.0,<3.0.0"
invenio-jsonschemas = ">=1.1.4,<1.2.0"
# invenio-oaiserver = ">=2.2.0,<2.3.0"
invenio-oaiserver = ">=2.2.0,<2.3.0"
invenio-pidstore = ">=1.3.0,<1.4.0"
invenio-records-rest = ">=2.2.0,<2.3.0"
invenio-records-ui = ">=1.2.0,<1.3.0"
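Review bot: the `invenio-assets` lower bound is relaxed from `>=2.0.0` to `>=1.0.0`, which opens a downgrade path to 1.x rather than bumping anything; keep `>=2.0.0,<3.0.0` and let the `# invenio-assets = ">=3.0.0,<4.0.0" # error patch-package 6.5.1 semantic-ui-less` comment explain why 3.x is excluded. The `# invenio-oaiserver = ">=2.2.0,<2.3.0"` comment directly above the identical live line is noise and should go. Dropping the `sentry-sdk` extra from `invenio-logging` also means the Sentry integration now relies on the separate `sentry-sdk` entry further down; say so where that entry is declared.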
@@ -68,7 +68,8 @@ invenio-records = "2.1.0,<2.2.0"
Flask = ">=2.2.0,<2.3.0"
dojson = ">=1.4.0"
# TODO: dojson problem = AttributeError: 'Group' object has no attribute 'resultcallback'
click = "<8.1.0"
# click = "<8.1.0"
sentry-sdk = ">=1.0.0" # normaly in invenio-logging = {version = ">=2.0.0,<3.0.0", extras = ["sentry_sdk"]}

## RERO ILS specific python modules
PyYAML = ">=5.3.1"
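Review bot: commenting out `click = "<8.1.0"` while keeping the `# TODO: dojson problem = AttributeError: 'Group' object has no attribute 'resultcallback'` line leaves it unclear whether the incompatibility is resolved; if `dojson = ">=1.4.0"` fixes it, delete both the TODO and the dead pin, otherwise the pin has to stay. In the `sentry-sdk` comment, "normaly" should be "normally", the extra is spelled `sentry_sdk` here but `sentry-sdk` in the line it replaces, and an unbounded `>=1.0.0` deserves an upper bound consistent with the other entries in this file.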
@@ -165,7 +166,7 @@ apiharvester = "rero_ebooks.apiharvester.tasks"
[tool.poe.tasks]
bootstrap = {cmd = "./scripts/bootstrap", help = "Runs bootstrap"}
console = {cmd = "./scripts/console", help = "Opens invenio shell"}
run_tests = {cmd = "./run-tests.sh", help = "Runs all tests"}
run_tests = {cmd = "./scripts/tests", help = "Runs all tests"}
tests = {cmd = "pytest", help = "pytest"}
tests_debug = {cmd = "./scripts/pytest -s --v --no-cov", help = "pytest -s --v --no-cov"}
server = {cmd = "./scripts/server", help = "Starts the server "}
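Review bot: `run_tests = {cmd = "./scripts/tests", help = "Runs all tests"}` points at `scripts/tests` (plural), but this commit renames `run-tests.sh` to `scripts/test` and the CI workflow calls `./scripts/test`, so `poe run_tests` will fail with a missing file. Change it to `./scripts/test`.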
2 changes: 2 additions & 0 deletions rero_ebooks/config.py
@@ -33,6 +33,8 @@ def _(x):
return x


APP_THEME = ['bootstrap3']

# Rate limiting
# =============
RATELIMIT_STORAGE_URL = 'redis://localhost:6379/3'
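Review bot: `APP_THEME = ['bootstrap3']` is added with no comment; since `invenio-theme` is moved to the 2.x line in the same commit, state here why the theme is pinned to bootstrap3 rather than the bundle's default (the templates in this project target it), so the next person does not drop the setting during a cleanup.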
9 changes: 6 additions & 3 deletions run-tests.sh → scripts/test
@@ -59,20 +59,23 @@ msg "PROGRAM: ${PROGRAM}"

# Poetry is a mandatory condition to launch this program!
if [[ -z "${VIRTUAL_ENV}" ]]; then
error_msg+exit "Error - Launch this script via poetry command:\n\tpoetry run run-tests"
error_msg+exit "Error - Launch this script via poetry command:\n\tpoetry run ./scripts/test"
fi

set -e
# TODO: find out why we have following error:
# -> Vulnerability found in sqlalchemy version 1.4.48
# -> Vulnerability found in flask-caching version 2.0.1
# Vulnerability ID: 40459
# -> Vulnerability found in sqlalchemy version 1.4.50
# Vulnerability ID: 51668
# -> Vulnerability found in sqlalchemy-utils version 0.38.3
# Vulnerability ID: 42194
# -> Vulnerability found in wtforms version 2.3.3
# Vulnerability ID: 42852
# -> Vulnerability found in py version 1.11.0
# Vulnerability ID: 51457
safety check -o bare -i 51668 -i 42194 -i 42852 -i 51457
info_msg "Test safety:"
safety check -o bare -i 40459 -i 51668 -i 42194 -i 42852 -i 51457
info_msg "Test pydocstyle:"
pydocstyle rero_ebooks tests docs
info_msg "Test isort:"
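Review bot: the safety step now suppresses five advisories (`safety check -o bare -i 40459 -i 51668 -i 42194 -i 42852 -i 51457`), and the newly added one, 40459 for flask-caching 2.0.1, sits under a comment that says "find out why we have following error"; in a commit titled "fix security issues" that is a suppression, not a fix. For each ignored ID record why it is accepted (not reachable, or no fixed release within the bounds pyproject allows) and when to revisit it, and prefer an upgrade where one exists: sqlalchemy moves from 1.4.48 to 1.4.50 in this very comment block, yet 51668 is still ignored, so the bump did not clear the finding. Ignore lists that only grow are how known-vulnerable pins survive for years.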
