Dependabot updates for week of 28 August 2023 (#2527)

* Bump eslint-plugin-import from 2.27.5 to 2.28.1
* Bump @typescript-eslint/eslint-plugin from 6.3.0 to 6.4.1
* Bump eslint-plugin-react from 7.33.0 to 7.33.2
* Bump @testing-library/jest-dom from 5.16.5 to 6.1.2
* Bump prettier from 3.0.0 to 3.0.2
* Bump aws-actions/configure-aws-credentials from 2.2.0 to 3.0.1
* Bump actions/checkout from 3.5.3 to 3.6.0
* Bump python from 3.11.4-bookworm to 3.11.5-bookworm
* Bump identity model to 6.32.2
* Update Python dependencies
* Update formatting and frontend license report

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/backend.yml

@@ -38,7 +38,7 @@ jobs:
             objects.githubusercontent.com:443
             storage.googleapis.com:443
             uploader.codecov.io:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Setup dotnet
         uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
         with:
@@ -104,7 +104,7 @@ jobs:
             objects.githubusercontent.com:443
 
       - name: Checkout repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       # Manually install .NET to work around:
       # https://github.com/github/codeql-action/issues/757
       - name: Setup .NET
@@ -150,7 +150,7 @@ jobs:
             security.ubuntu.com:80
       # For subfolders, currently a full checkout is required.
       # See: https://github.com/marketplace/actions/build-and-push-docker-images#path-context
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           fetch-depth: 0
       - name: Build backend

.github/workflows/codeql.yml

@@ -59,7 +59,7 @@ jobs:
             objects.githubusercontent.com:443
             pypi.org:443
       - name: Checkout repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/combine_deploy_image.yml

@@ -25,7 +25,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2.2.0
+        uses: aws-actions/configure-aws-credentials@v3.0.1
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/database.yml

@@ -26,7 +26,7 @@ jobs:
             registry-1.docker.io:443
       # For subfolders, currently a full checkout is required.
       # See: https://github.com/marketplace/actions/build-and-push-docker-images#path-context
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           fetch-depth: 0
       - name: Build database image

.github/workflows/deploy_qa.yml

@@ -51,7 +51,7 @@ jobs:
             storage.googleapis.com:443
             sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
             uploader.codecov.io:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           fetch-depth: 0
       - name: Build The Combine
@@ -82,9 +82,9 @@ jobs:
             api.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
             github.com:443
             sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2.2.0
+        uses: aws-actions/configure-aws-credentials@v3.0.1
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -97,7 +97,7 @@ jobs:
     if: ${{ github.ref_name == 'master' }}
     runs-on: [self-hosted, thecombine]
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Deploy The Combine Update
         uses: ./.github/actions/combine-deploy-update
         with:

.github/workflows/deploy_release.yml

@@ -47,7 +47,7 @@ jobs:
             security.ubuntu.com:80
             storage.googleapis.com:443
             sts.us-east-1.amazonaws.com:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Build The Combine
         id: build_combine
         uses: ./.github/actions/combine-build
@@ -66,7 +66,7 @@ jobs:
     needs: build
     runs-on: [self-hosted, thecombine]
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           fetch-depth: 0
       - name: Deploy The Combine Update to QA

.github/workflows/frontend.yml

@@ -31,7 +31,7 @@ jobs:
             registry.npmjs.org:443
             storage.googleapis.com:443
             uploader.codecov.io:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
@@ -86,7 +86,7 @@ jobs:
             pypi.org:443
             registry-1.docker.io:443
             registry.npmjs.org:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           fetch-depth: 0
       - name: Build frontend

.github/workflows/maintenance.yml

@@ -30,7 +30,7 @@ jobs:
             security.ubuntu.com:80
       # For subfolders, currently a full checkout is required.
       # See: https://github.com/marketplace/actions/build-and-push-docker-images#path-context
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           fetch-depth: 0
       - name: Build maintenance image

.github/workflows/pages.yml

@@ -25,7 +25,7 @@ jobs:
             files.pythonhosted.org:443
             github.com:443
             pypi.org:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
         with:
           python-version: 3.11

.github/workflows/python.yml

@@ -28,7 +28,7 @@ jobs:
             files.pythonhosted.org:443
             github.com:443
             pypi.org:443
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
         with:

.github/workflows/scorecards.yml

@@ -53,7 +53,7 @@ jobs:
             rekor.sigstore.dev:443
             sigstore-tuf-root.storage.googleapis.com:443
       - name: "Checkout code"
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           persist-credentials: false
 

Backend/BackendFramework.csproj

@@ -20,8 +20,8 @@
       <NoWarn>NU1701</NoWarn>
     </PackageReference>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.21" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.1" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.1" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.2" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.2" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="MongoDB.Driver" Version="2.21.0" />
     <PackageReference Include="MailKit" Version="4.1.0" />

Dockerfile

@@ -1,5 +1,5 @@
 # User guide build environment
-FROM python:3.11.4-bookworm AS user_guide_builder
+FROM python:3.11.5-bookworm AS user_guide_builder
 
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1

deploy/requirements.txt

@@ -80,5 +80,5 @@ urllib3==1.26.16
     #   google-auth
     #   kubernetes
     #   requests
-websocket-client==1.6.1
+websocket-client==1.6.2
     # via kubernetes

dev-requirements.txt

@@ -8,8 +8,12 @@ attrs==23.1.0
     # via
     #   flake8-bugbear
     #   flake8-eradicate
+babel==2.12.1
+    # via mkdocs-material
 beautifulsoup4==4.12.2
-    # via mkdocs-htmlproofer-plugin
+    # via
+    #   mkdocs-htmlproofer-plugin
+    #   readtime
 black==23.7.0
     # via -r dev-requirements.in
 cachetools==5.3.1
@@ -39,6 +43,8 @@ cryptography==41.0.3
     # via
     #   pyopenssl
     #   types-pyopenssl
+cssselect==1.2.0
+    # via pyquery
 distlib==0.3.7
     # via virtualenv
 dnspython==2.4.2
@@ -85,12 +91,18 @@ jinja2-base64-filters==0.1.4
     # via -r dev-requirements.in
 kubernetes==27.2.0
     # via -r dev-requirements.in
+lxml==4.9.3
+    # via
+    #   mkdocs-material
+    #   pyquery
 markdown==3.4.4
     # via
     #   mkdocs
     #   mkdocs-htmlproofer-plugin
     #   mkdocs-material
     #   pymdown-extensions
+markdown2==2.4.10
+    # via readtime
 markupsafe==2.1.3
     # via
     #   jinja2
@@ -105,7 +117,7 @@ mkdocs==1.5.2
     #   mkdocs-material
 mkdocs-htmlproofer-plugin==1.0.0
     # via -r dev-requirements.in
-mkdocs-material==9.1.21
+mkdocs-material==9.2.5
     # via -r dev-requirements.in
 mkdocs-material-extensions==1.1.1
     # via mkdocs-material
@@ -125,6 +137,8 @@ packaging==23.1
     #   mkdocs
     #   pyproject-api
     #   tox
+paginate==0.5.6
+    # via mkdocs-material
 pathspec==0.11.2
     # via
     #   black
@@ -137,7 +151,7 @@ platformdirs==3.10.0
     #   mkdocs
     #   tox
     #   virtualenv
-pluggy==1.2.0
+pluggy==1.3.0
     # via tox
 pyasn1==0.5.0
     # via
@@ -155,12 +169,14 @@ pygments==2.16.1
     # via mkdocs-material
 pymdown-extensions==10.1
     # via mkdocs-material
-pymongo==4.4.1
+pymongo==4.5.0
     # via -r dev-requirements.in
 pyopenssl==23.2.0
     # via -r dev-requirements.in
 pyproject-api==1.5.4
     # via tox
+pyquery==2.0.0
+    # via readtime
 pyreadline3==3.4.1
     # via -r dev-requirements.in
 python-dateutil==2.8.2
@@ -176,6 +192,8 @@ pyyaml==6.0.1
     #   pyyaml-env-tag
 pyyaml-env-tag==0.1
     # via mkdocs
+readtime==3.0.0
+    # via mkdocs-material
 regex==2023.8.8
     # via mkdocs-material
 requests==2.31.0
@@ -201,7 +219,7 @@ tomli==2.0.1
     #   mypy
     #   pyproject-api
     #   tox
-tox==4.9.0
+tox==4.10.0
     # via -r dev-requirements.in
 types-pyopenssl==23.2.0.2
     # via -r dev-requirements.in
@@ -224,5 +242,5 @@ virtualenv==20.24.3
     # via tox
 watchdog==3.0.0
     # via mkdocs
-websocket-client==1.6.1
+websocket-client==1.6.2
     # via kubernetes

docs/user_guide/default/licenses/backend_licenses.txt

@@ -596,7 +596,7 @@ license Type:Apache-2.0
 
 ####################################################################################################
 Package:Microsoft.IdentityModel.Abstractions
-Version:6.32.1
+Version:6.32.2
 project URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
 Description:A package containing thin abstractions for Microsoft.IdentityModel.
 licenseUrl:https://licenses.nuget.org/MIT
@@ -612,7 +612,7 @@ license Type:MIT
 
 ####################################################################################################
 Package:Microsoft.IdentityModel.JsonWebTokens
-Version:6.32.1
+Version:6.32.2
 project URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
 Description:Includes types that provide support for creating, serializing and validating JSON Web Tokens.
 licenseUrl:https://licenses.nuget.org/MIT
@@ -636,7 +636,7 @@ license Type:MIT
 
 ####################################################################################################
 Package:Microsoft.IdentityModel.Logging
-Version:6.32.1
+Version:6.32.2
 project URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
 Description:Includes Event Source based logging support.
 licenseUrl:https://licenses.nuget.org/MIT
@@ -668,7 +668,7 @@ license Type:MIT
 
 ####################################################################################################
 Package:Microsoft.IdentityModel.Tokens
-Version:6.32.1
+Version:6.32.2
 project URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
 Description:Includes types that provide support for SecurityTokens, Cryptographic operations: Signing, Verifying Signatures, Encryption.
 licenseUrl:https://licenses.nuget.org/MIT
@@ -1742,7 +1742,7 @@ license Type:MIT
 
 ####################################################################################################
 Package:System.IdentityModel.Tokens.Jwt
-Version:6.32.1
+Version:6.32.2
 project URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
 Description:Includes types that provide support for creating, serializing and validating JSON Web Tokens.
 licenseUrl:https://licenses.nuget.org/MIT