This changeset updates several Python dependencies that Dependabot has flagged.
It also ignores a pip-audit report of idna, which incorrectly flagged the version we are on as having been affected by PYSEC-2024-60; this was fixed in version 3.7 of idna, which we are currently using. We will update the action again once the audit flag is corrected and/or another fix version is released (if needed).
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the gunicorn dependency to the latest release to address a recent CVE. It also updates the itsdangerous package.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates a couple of dependencies, including our Python dependency audit check, and specifically ignores a gunicorn audit flag that appeared on 4/16/2024.
As soon as there is an update available for gunicorn that addresses the issue, we will remove the flag to ignore the vulnerability report and update the dependency.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates all references to GitHub Actions to be version 4 due to a mandatory Node.js update.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset adds a missing environment variable in the cf push command for the production and demo deployments.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
- Adds Login.gov to remaining egress proxies (both prototype and production URLs)
- Swaps links to Login.gov to production environment
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>