This changeset updates several Python dependencies that Dependabot has flagged.
It also ignores a pip-audit report of idna, which incorrectly flagged the version we are on as having been affected by PYSEC-2024-60; this was fixed in version 3.7 of idna, which we are currently using. We will update the action again once the audit flag is corrected and/or another fix version is released (if needed).
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates several Python dependencies that Dependabot had flagged for updating. It includes a few others that we are getting ahead of, as well.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
The npm install line needs to be run within the context of the nvm-managed Node.js and should happen after that environment is initialized but before the build step. This also adds a couple more Python dependency updates that Dependabot flagged as well.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates Python dependencies that Dependabot has flagged in addition to several others that were due for updates. It also reformats a test file via black.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates a couple of dependencies flagged by Dependabot and fixes an end-to-end test that needed to be updated with the one-off send filename changes.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates several Python dependencies that Dependabot flagged for updates due to end-to-end tests still failing in Dependabot PRs.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates a few Python dependencies the week of May 28th to help keep our project up-to-date.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
The merging of notifications_utils to this repo does not deploy because of missing dependencies. This changeset adds them back in directly.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset pulls in all of the notification_utils code directly into the admin and removes it as an external dependency. We are doing this to cut down on operational maintenance of the project and will begin removing parts of it no longer needed for the admin.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates several dependencies flagged by Dependabot that we cannot merge directly due to the E2E test issue.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates a few dependencies that Dependabot flagged for updates. We cannot merge the Dependabot PRs at the moment due to E2E test compatability issues.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the exceptiongroup and newrelic packages due to the Dependabot E2E test failures
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the gunicorn dependency to the latest release to address a recent CVE. It also updates the its-dangerous package.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates notifications-utils to 0.4.5, which includes a few minor fixes and several dependency updates.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates several dependencies that Dependabot has flagged for us but cannot merge due to the E2E test bug with it.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
