From 59b032512492cb3dbd801ebfce62a7a41dcf7c1f Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Mon, 17 Jun 2024 23:46:59 -0400
Subject: [PATCH] Adjust npm install line and update Python dependencies
The npm install line needs to be run within the context of the nvm-managed Node.js and should happen after that environment is initialized but before the build step. This also adds a couple more Python dependency updates that Dependabot flagged as well.
Signed-off-by: Carlo Costino
---
 Makefile | 6 +++++-
 package-lock.json | 1 -
 poetry.lock | 29 ++++++++++++++---------------
 pyproject.toml | 6 +++---
 4 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/Makefile b/Makefile
index 45af569a2..ab8e3178a 100644
--- a/Makefile
+++ b/Makefile
@@ -21,8 +21,8 @@ bootstrap: generate-version-file ## Set up everything to run the app
 poetry install --sync --no-root
 poetry run playwright install --with-deps
 poetry run pre-commit install
- npm install
 source $(NVMSH) --no-use && nvm install && npm ci --no-audit
+ source $(NVMSH) && npm install
 source $(NVMSH) && npm run build
 .PHONY: watch-frontend
@@ -41,6 +41,10 @@ run-flask-bare: ## Run flask without invoking poetry so we can override ENV var
 npm-audit: ## Check for vulnerabilities in NPM packages
 source $(NVMSH) && npm run audit
+.PHONY: npm-audit-fix
+npm-audit-fix: ## Fix vulnerabilities that do not require attentino (according to npm)
+ source $(NVMSH) && npm audit fix
+
 .PHONY: help
 help:
 @cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-]+:.*?## .*$$' | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
diff --git a/package-lock.json b/package-lock.json
index 6d66f909f..e00444ef9 100644
--- a/package-lock.json
+++ b/package-lock.json
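Review bot: In `bootstrap`, the added `source $(NVMSH) && npm install` runs directly after `npm ci --no-audit`, which undoes the guarantee that `npm ci` gives: `npm ci` installs exactly what package-lock.json pins and never writes to it, while `npm install` may resolve newer versions inside the package.json ranges and rewrite the lockfile on the machine that runs it. The one-line package-lock.json change in this same commit (a dropped `"dev": true`) looks like such a rewrite, though that is inferred from the diff alone. Because `npm ci` has already installed everything the lockfile lists, the simplest fix is to delete the added line; if it is kept, the recipe should carry a comment saying what it installs that `npm ci` does not. The `bootstrap` rule starts above this hunk, so the shell the recipe runs under is not visible here.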
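Review bot: The new `npm-audit-fix` target runs `npm audit fix`, which upgrades packages and rewrites package-lock.json in place, and nothing on the target tells the person running it that the dependency set has changed and needs review. A comment above the rule would cover it, for example `# Rewrites package-lock.json: run "npm audit fix --dry-run" first and review the lockfile diff before committing.` The help string also misspells "attention"; since `make help` prints it, the line should read `npm-audit-fix: ## Fix vulnerabilities that do not require attention (according to npm)`.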
@@ -14994,7 +14994,6 @@ "version": "8.17.1", "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz", "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==", - "dev": true, "engines": { "node": ">=10.0.0" }, diff --git a/poetry.lock b/poetry.lock index 4a5e7b7c7..d73c31d04 100644 --- a/poetry.lock +++ b/poetry.lock @@ -182,17 +182,17 @@ files = [ [[package]] name = "boto3" -version = "1.34.127" +version = "1.34.128" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.34.127-py3-none-any.whl", hash = "sha256:d370befe4fb7aea5bc383057d7dad18dda5d0cf3cd3295915bcc8c8c4191905c"}, - {file = "boto3-1.34.127.tar.gz", hash = "sha256:58ccdeae3a96811ecc9d5d866d8226faadbd0ee1891756e4a04d5186e9a57a64"}, + {file = "boto3-1.34.128-py3-none-any.whl", hash = "sha256:a048ff980a81cd652724a73bc496c519b336fabe19cc8bfc6c53b2ff6eb22c7b"}, + {file = "boto3-1.34.128.tar.gz", hash = "sha256:43a6e99f53a8d34b3b4dbe424dbcc6b894350dc41a85b0af7c7bc24a7ec2cead"}, ] [package.dependencies] -botocore = ">=1.34.127,<1.35.0" +botocore = ">=1.34.128,<1.35.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -201,13 +201,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.34.127" +version = "1.34.128" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.34.127-py3-none-any.whl", hash = "sha256:e14fa28c8bb141de965e700f88b196d17c67a703c7f0f5c7e14f7dd1cf636011"}, - {file = "botocore-1.34.127.tar.gz", hash = "sha256:a377871742c40603d559103f19acb7bc93cfaf285e68f21b81637ec396099877"}, + {file = "botocore-1.34.128-py3-none-any.whl", hash = "sha256:db67fda136c372ab3fa432580c819c89ba18d28a6152a4d2a7ea40d44082892e"}, + {file = "botocore-1.34.128.tar.gz", hash = "sha256:8d8e03f7c8c080ecafda72036eb3b482d649f8417c90b5dca33b7c2c47adb0c9"}, ] [package.dependencies] 
@@ -1681,7 +1681,6 @@ files = [ {file = "msgpack-1.0.8-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5fbb160554e319f7b22ecf530a80a3ff496d38e8e07ae763b9e82fadfe96f273"}, {file = "msgpack-1.0.8-cp39-cp39-win32.whl", hash = "sha256:f9af38a89b6a5c04b7d18c492c8ccf2aee7048aff1ce8437c4683bb5a1df893d"}, {file = "msgpack-1.0.8-cp39-cp39-win_amd64.whl", hash = "sha256:ed59dd52075f8fc91da6053b12e8c89e37aa043f8986efd89e61fae69dc1b011"}, - {file = "msgpack-1.0.8-py3-none-any.whl", hash = "sha256:24f727df1e20b9876fa6e95f840a2a2651e34c0ad147676356f4bf5fbb0206ca"}, {file = "msgpack-1.0.8.tar.gz", hash = "sha256:95c02b0e27e706e48d0e5426d1710ca78e0f0628d6e89d5b5a5b91a5f12274f3"}, ] @@ -1888,13 +1887,13 @@ files = [ [[package]] name = "phonenumbers" -version = "8.13.38" +version = "8.13.39" description = "Python version of Google's common library for parsing, formatting, storing and validating international phone numbers." optional = false python-versions = "*" files = [ - {file = "phonenumbers-8.13.38-py2.py3-none-any.whl", hash = "sha256:d22aa747fb591ef2a18afec13cab5a0e294ab20fce5a1560e4949e459e70eeef"}, - {file = "phonenumbers-8.13.38.tar.gz", hash = "sha256:2822c74ee9334e9d8ad792fc352cc8d21004307349b6b1bb61da12937fa2eaba"}, + {file = "phonenumbers-8.13.39-py2.py3-none-any.whl", hash = "sha256:3ad2d086fa71e7eef409001b9195ac54bebb0c6e3e752209b558ca192c9229a0"}, + {file = "phonenumbers-8.13.39.tar.gz", hash = "sha256:db7ca4970d206b2056231105300753b1a5b229f43416f8c2b3010e63fbb68d77"}, ] [[package]] 
@@ -2966,13 +2965,13 @@ files = [ [[package]] name = "urllib3" -version = "2.2.1" +version = "2.2.2" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = ">=3.8" files = [ - {file = "urllib3-2.2.1-py3-none-any.whl", hash = "sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d"}, - {file = "urllib3-2.2.1.tar.gz", hash = "sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19"}, + {file = "urllib3-2.2.2-py3-none-any.whl", hash = "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472"}, + {file = "urllib3-2.2.2.tar.gz", hash = "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"}, ] [package.extras] @@ -3112,4 +3111,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12.2" -content-hash = "9636de2bab29446f6803efa5813b6ebd16ecff22ac5bc371196fa4b6a7d87a30" +content-hash = "b45f2c38493f81bd7fc9d4bfd294b001d71e4082380eb0851d4f3ea8dcdb949c" diff --git a/pyproject.toml b/pyproject.toml index 39d340c8b..4dd46365a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -39,8 +39,8 @@ wtforms = "~=3.1" markdown = "^3.5.2" async-timeout = "^4.0.3" bleach = "^6.1.0" -boto3 = "^1.34.126" -botocore = "^1.34.126" +boto3 = "^1.34.128" +botocore = "^1.34.128" cachetools = "^5.3.3" cffi = "^1.16.0" cryptography = "^42.0.8" @@ -50,7 +50,7 @@ jmespath = "^1.0.1" mistune = "0.8.4" numpy = "^1.26.4" ordered-set = "^4.1.0" -phonenumbers = "^8.13.38" +phonenumbers = "^8.13.39" pycparser = "^2.22" python-json-logger = "^2.0.7" redis = "^5.0.6"