From cd00d14c1fdb8349d21806ae1e0fc4549dbbb73a Mon Sep 17 00:00:00 2001
From: Carlo Costino
Date: Wed, 17 Apr 2024 18:02:21 -0400
Subject: [PATCH] Update gunicorn to latest release

This changeset updates the gunicorn dependency to the latest release to address a recent CVE.

Signed-off-by: Carlo Costino
---
 .github/workflows/checks.yml | 2 --
 poetry.lock | 15 ++++++++-------
 pyproject.toml | 2 +-
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 402404b29..ca05cde57 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -89,8 +89,6 @@ jobs:
 - uses: pypa/gh-action-pip-audit@v1.0.8
 with:
 inputs: requirements.txt
- ignore-vulns: |
- GHSA-w3h3-4rj7-4ph4
 
 static-scan:
 runs-on: ubuntu-latest
diff --git a/poetry.lock b/poetry.lock
index b0b1e95c4..56be37dda 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1635,23 +1635,24 @@ test = ["objgraph", "psutil"]
 
 [[package]]
 name = "gunicorn"
-version = "21.2.0"
+version = "22.0.0"
 description = "WSGI HTTP Server for UNIX"
 optional = false
-python-versions = ">=3.5"
+python-versions = ">=3.7"
 files = [
- {file = "gunicorn-21.2.0-py3-none-any.whl", hash = "sha256:3213aa5e8c24949e792bcacfc176fef362e7aac80b76c56f6b5122bf350722f0"},
- {file = "gunicorn-21.2.0.tar.gz", hash = "sha256:88ec8bff1d634f98e61b9f65bc4bf3cd918a90806c6f5c48bc5603849ec81033"},
+ {file = "gunicorn-22.0.0-py3-none-any.whl", hash = "sha256:350679f91b24062c86e386e198a15438d53a7a8207235a78ba1b53df4c4378d9"},
+ {file = "gunicorn-22.0.0.tar.gz", hash = "sha256:4a0b436239ff76fb33f11c07a16482c521a7e09c1ce3cc293c2330afe01bec63"},
 ]
 
 [package.dependencies]
-eventlet = {version = ">=0.24.1", optional = true, markers = "extra == \"eventlet\""}
+eventlet = {version = ">=0.24.1,<0.36.0 || >0.36.0", optional = true, markers = "extra == \"eventlet\""}
 packaging = "*"
 
 [package.extras]
-eventlet = ["eventlet (>=0.24.1)"]
+eventlet = ["eventlet (>=0.24.1,!=0.36.0)"]
 gevent = ["gevent (>=1.4.0)"]
 setproctitle = ["setproctitle"]
+testing = ["coverage", "eventlet", "gevent", "pytest", "pytest-cov"]
 tornado = ["tornado (>=0.2)"]
 
 [[package]]
@@ -4800,4 +4801,4 @@ multidict = ">=4.0"
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.12.2"
-content-hash = "dcbbd4dd7bd9336e8c13f171c9dfe7e54194254c87d10711b1cd7748d38ce19c"
+content-hash = "ac4a9cfb1ee9b5d8824385113cc825e55aefa8ad599649bde17b0333ed304dcd"
diff --git a/pyproject.toml b/pyproject.toml
index 47b6f1d58..c22cc6933 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,7 +33,7 @@ flask-marshmallow = "==0.14.0"
 flask-migrate = "==4.0.7"
 flask-redis = "==0.4.0"
 flask-sqlalchemy = "==3.0.5"
-gunicorn = {version = "==21.2.0", extras = ["eventlet"]}
+gunicorn = {version = "==22.0.0", extras = ["eventlet"]}
 iso8601 = "==2.1.0"
 jsonschema = {version = "==4.20.0", extras = ["format"]}
 lxml = "==5.2.1"