Q3 2023 version update audit (#142)

.github/workflows/build-and-publish-docker-images.yml

@@ -14,12 +14,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.base.ref }}
 
       - name: Log in to the Container Registry
-        uses: docker/login-action@v2.1.0
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}

.github/workflows/common-static-analysis.yml

@@ -3,17 +3,17 @@ on: [push, pull_request, workflow_dispatch]
 
 env:
   MARKDOWNLINT_CONFIG: etc/static-analysis/markdownlint.json
-  HADOLINT_DOCKER: hadolint/hadolint:v2.8.0
+  HADOLINT_DOCKER: hadolint/hadolint:v2.12.0
   SHELLCHECK_DOCKER: koalaman/shellcheck:v0.9.0
-  MARKDOWN_DOCKER: ghcr.io/igorshubovych/markdownlint-cli:v0.32.2
+  MARKDOWN_DOCKER: ghcr.io/igorshubovych/markdownlint-cli:v0.37.0
 
 jobs:
   docker-shell-markdown-static-analysis:
     runs-on: ubuntu-22.04
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Pulling Docker containers
       run: |
         docker pull $HADOLINT_DOCKER

.github/workflows/development-main-deployment.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: HEAD^
 

.github/workflows/draft-paper.yml

@@ -15,14 +15,14 @@ jobs:
     name: JOSS pandoc paper draft
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Build draft PDF
         uses: openjournals/openjournals-draft-action@master
         with:
           journal: joss
           paper-path: paper.md
       - name: Upload
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v3
         with:
           name: paper
           path: paper.pdf

.github/workflows/nodejs.yml

@@ -14,10 +14,10 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [16.2]
+        node-version: [20.8]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
       uses: actions/setup-node@v3
       with:

.github/workflows/python.yml

@@ -16,14 +16,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.8"]
+        python-version: ["3.11"]
 
     defaults:
       run:
         working-directory: ./backend
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v4
       with:

.github/workflows/system-tests.yml

@@ -8,15 +8,15 @@ jobs:
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Running the setup.sh script
       run: |
         sh setup.sh
     - name: Cypress tests
-      uses: cypress-io/github-action@v5
+      uses: cypress-io/github-action@v6
       with:
         working-directory: system-tests
-        browser: electron
+        browser: chrome
         headed: false
         start: docker compose up --build -d
         wait-on: 'http://local.rosalution.cgds'

CODE_OF_CONDUCT.md

@@ -48,7 +48,7 @@ This Code of Conduct applies within all community spaces, and also applies when
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders
- responsible for enforcement at [email protected]. All complaints will be reviewed and investigated
+ responsible for enforcement at `[email protected]`. All complaints will be reviewed and investigated
  promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the reporter of any incident.

CONTRIBUTING.md

@@ -76,4 +76,4 @@ We will review your issue and work to resolve the bug as soon as possible. Thank
 
 ## Seeking Support
 
-For support in setting up and using Rosalution, please feel free to either use GitHub Issues or contact us via email on [email protected].
+For support in setting up and using Rosalution, please feel free to either use GitHub Issues or contact us via email on `[email protected]`.

README.md

@@ -56,10 +56,10 @@ The following pre-requisites are required to be installed in the target *NIX env
 deploying and testing Rosalution. Install environment dependencies below using
 the respective installation instructions for your target environment.
 
-- [Node.JS 16+](https://nodejs.org/en/) & [Classic Yarn](https://classic.yarnpkg.com/en/)
+- [Node.JS 20.8+](https://nodejs.org/en/) & [Classic Yarn](https://classic.yarnpkg.com/en/)
     - Node.JS recommends managing Node.JS installations with [nvm](https://www.npmjs.com/package/npx) - [install](https://github.com/nvm-sh/nvm#install--update-script)
     - Yarn is not included with Node.JS with `nvm`. Run `npm install --global yarn` once Node.JS is installed. - [install](https://classic.yarnpkg.com/en/docs/install)
-- [Python 3.8+](https://www.python.org/) - [Install](https://www.python.org/downloads/)
+- [Python 3.11+](https://www.python.org/) - [Install](https://www.python.org/downloads/)
     - `pip3` to install the required packages for development within a virtual environment
     - `python venv` Some system installations of Python 3+ do not include python virtual environments that were added
       in Python 3.3+.  Additional installation and setup may be necessary if using Python packaged with an OS (such as Ubuntu).
@@ -458,7 +458,7 @@ To report a bug, refer to [🐞Reporting Issues](CONTRIBUTING.md#reporting-issue
 ## Maintainers
 
 - [Angelina Uno-Antonison](https://github.com/SeriousHorncat)
-    - Email: [email protected]
+    - Email: `[email protected]`
 - [Rabab Fatima](https://github.com/fatimarabab)
 - [James Scherer](https://github.com/JmScherer)
 

backend/.pylintrc

@@ -310,8 +310,8 @@ min-public-methods=2
 [EXCEPTIONS]
 
 # Exceptions that will emit a warning when caught.
-overgeneral-exceptions=BaseException,
-                       Exception
+overgeneral-exceptions=builtins.BaseException,
+                       builtins.Exception
 
 
 [FORMAT]

backend/Dockerfile

@@ -1,13 +1,13 @@
 # Local Development Stage
-FROM python:3.9.10 as development-stage
+FROM python:3.11-slim-bookworm as development-stage
 WORKDIR /app
 COPY requirements.txt /app/requirements.txt
 RUN pip install --no-cache-dir --upgrade -r /app/requirements.txt
 COPY ./src /app/src
 ENTRYPOINT ["/bin/sh", "-c", "uvicorn src.main:app --host 0.0.0.0 --port 8000 --log-level info --reload"]
 
 # Production Build Stage
-FROM python:3.9.10 as production-stage
+FROM python:3.11-slim-bookworm as production-stage
 WORKDIR /app
 COPY logging.conf /app/logging.conf
 COPY requirements.txt /app/requirements.txt

backend/README.md

@@ -1,6 +1,6 @@
 # Rosalution Backend
 
-Rosalution's backend uses FastAPI as a Python REST endpoint framework to accept and proccess frontend and user requests.
+Rosalution's backend uses FastAPI as a Python REST endpoint framework to accept and process frontend and user requests.
 
 It is currently used to handle Rosalution's authentication system, interact with MongoDB for state management,
 and the web accessible Swagger API documentation.
@@ -9,7 +9,7 @@ and the web accessible Swagger API documentation.
 
 ### Dependencies
 
-- [Python 3.8+](https://www.python.org/) - [Install](https://www.python.org/downloads/)
+- [Python 3.11](https://www.python.org/) - [Install](https://www.python.org/downloads/)
 - [Pip](https://pip.pypa.io/en/{"originTabId":1,"originWindowId":1}stable/) - [Install](https://pip.pypa.io/en/stable/installation/)
 
 ### Requirements
@@ -25,7 +25,7 @@ isolated virtual environments for these projects.
 All packages necessary for Rosalution development are installed into the `./backend/rosalution_env/` virtual
 environment in the setup.sh script.
 
-To create this isolation we use the python virtual environment [venv](https://docs.python.org/3.8/library/venv.html).
+To create this isolation we use the python virtual environment [venv](https://docs.python.org/3.11/library/venv.html).
 Refer to the python virtual environment for documentation.
 
 Note: Make sure setup.sh script is run as this installs the rosalution_env and all it's dependencies.
@@ -44,7 +44,7 @@ of startup.
 
 - **ROSALUTION_ENV** Sets whether the application's environment is in production. This will run the backend with the
 [-O flag](https://docs.python.org/3/using/cmdline.html#cmdoption-O) which will turn off `__debug__` statements
-within the backend codebase when using the 'entrypoint-init.sh` to start the applicaiton.
+within the backend codebase when using the 'entrypoint-init.sh` to start the application.
 - **MONGODB_HOST** Sets the host or host:port for the server host address for MongoDB.
     (default) rosalution-db
       - The default is the **docker compose** name for the service, so inside other docker containers within the same network,
@@ -70,13 +70,17 @@ If another entity has or wishes to employ a CAS authority, the defined configura
 
 - This is not CAS specific, but it is employed when CAS fails and redirects the user to a specific url in the app
 
-**cas_api_service_url**: str = "http://dev.cgds.uab.edu/rosalution/api/auth/login?nexturl=%2F"
+```python
+cas_api_service_url: str = "http://dev.cgds.uab.edu/rosalution/api/auth/login?nexturl=%2F"
+```
 
 - The application's url and nexturl defines where to redirect when login is successful
 - **nexturl** is a CAS parameter that tells the server where to redirect to in your application when completing the
 CAS interaction. The **nexturl** parameter will use a relative path.
 
-**cas_server_url**: str = "https://padlockdev.idm.uab.edu/cas/"
+```python
+cas_server_url: str = "https://padlockdev.idm.uab.edu/cas/"
+```
 
 - Defines where the CAS url can be reached
 

backend/requirements.txt

@@ -1,18 +1,18 @@
-fastapi==0.74.1
-uvicorn[standard]==0.22.0
+fastapi[all]==0.103.2
+uvicorn[standard]==0.23.2
 python-cas==1.6.0
 itsdangerous==2.1.2
-pymongo==4.3.3
-jq==1.4.0
+pymongo==4.5.0
+jq==1.6.0
 
-python-multipart==0.0.5
+python-multipart==0.0.6
 python-jose[cryptography]==3.3.0
 passlib==1.7.4
 bcrypt==4.0.1
 
 # dev
 pytest-cov==4.0.0
-pytest==7.2.1
-pylint==2.15.10
-requests==2.28.2
-yapf==0.32.0
+pytest==7.4.2
+pylint==3.0.0
+requests==2.31.0
+yapf==0.40.2

backend/src/config.py

@@ -5,7 +5,8 @@
 """
 # pylint: disable=too-few-public-methods
 from functools import lru_cache
-from pydantic import BaseSettings, root_validator
+from pydantic import model_validator
+from pydantic_settings import BaseSettings
 
 
 class Settings(BaseSettings):
@@ -18,15 +19,15 @@ class Settings(BaseSettings):
     mongodb_host: str = "rosalution-db"
     mongodb_db: str = "rosalution_db"
     rosalution_key: str
-    auth_web_failure_redirect_route = "/login"
+    auth_web_failure_redirect_route: str = "/login"
     oauth2_access_token_expire_minutes: int = 60 * 24 * 8  # 60 minutes * 24 hours * 8 days = 8 days
     oauth2_algorithm: str = "HS256"
     openapi_api_token_route: str = "auth/token"
     cas_api_service_url: str = "http://dev.cgds.uab.edu/rosalution/api/auth/login?nexturl=%2F"
     cas_server_url: str = "https://padlockdev.idm.uab.edu/cas/"
     cas_login_enable: bool = False
 
-    @root_validator(pre=True)
+    @model_validator(mode="before")
     @classmethod
     def rosalution_key_exists(cls, values):
         """

backend/src/models/analysis.py

@@ -7,7 +7,7 @@
 from multiprocessing import Event
 import re
 from typing import List, Optional
-from pydantic import BaseModel, root_validator
+from pydantic import BaseModel, computed_field
 
 from .event import Event
 
@@ -34,29 +34,39 @@ class BaseAnalysis(BaseModel):
     """The share parts of an analysis and it's summary"""
 
     name: str
-    description: Optional[str]
+    description: Optional[str] = None
     nominated_by: str
-    latest_status: Optional[StatusType]
-    created_date: Optional[date]
-    last_modified_date: Optional[date]
     timeline: List[Event] = []
     third_party_links: Optional[List] = []
 
-    # The structure of the root_validator from pydantic requires the method to be setup this way even if there is no
-    # self being used and no self argument
-    @root_validator
-    def compute_dates_and_status(cls, values):  #pylint: disable=no-self-argument
-        """Computes the dates and status of an analysis from a timeline"""
-        if len(values['timeline']) == 0:
-            return values
-
-        last_event = sorted(values['timeline'], key=lambda event: event.timestamp, reverse=True)[0]
-        values['last_modified_date'] = last_event.timestamp.date()
-        values['created_date'] = next(
-            (event.timestamp.date() for event in values['timeline'] if event.event == EventType.CREATE), None
-        )
-        values['latest_status'] = StatusType.from_event(last_event.event)
-        return values
+    @computed_field
+    @property
+    def created_date(self) -> date:
+        """The created date derived from the create event in the timeline"""
+        if len(self.timeline) == 0:
+            return None
+
+        return next((event.timestamp.date() for event in self.timeline if event.event == EventType.CREATE), None)
+
+    @computed_field
+    @property
+    def last_modified_date(self) -> date:
+        """The last modified date derived from the last event in the timeline"""
+        if len(self.timeline) == 0:
+            return None
+
+        last_event = sorted(self.timeline, key=lambda event: event.timestamp, reverse=True)[0]
+        return last_event.timestamp.date()
+
+    @computed_field
+    @property
+    def latest_status(self) -> StatusType:
+        """The status as calculated from the events on the timeline"""
+        if len(self.timeline) == 0:
+            return None
+
+        last_event = sorted(self.timeline, key=lambda event: event.timestamp, reverse=True)[0]
+        return StatusType.from_event(last_event.event)
 
 
 class AnalysisSummary(BaseAnalysis):