notifications-api/requirements-app.txt
Chris Hill-Scott ecd2b0c4a3 Bump Werkzeug to version 2.0.2
This is the newest version.

Pyup is complaining about vulnerabilities in version 1.0.1, specifically
> Werkzeug version 2.0.2 improves the security of the debugger cookies.
> "SameSite" attribute is set to "Strict" instead of "None", and the
> secure flag is added when on HTTPS.

Previously we were using whatever version of Werkzeug that Flask
specified. This pins it to get rid of the vulnerability without having to
upgrade everything at once.

We’ve done this for the admin app already:
https://github.com/alphagov/notifications-admin/pull/4042/files

I suspect the memory usage issues we saw with version 2.0.0 have been
fixed in 2.0.2, per this line in the changelog:
> Fix memory usage for locals when using Python 3.6 or pre 0.4.17 greenlet versions.
> https://github.com/pallets/werkzeug/pull/2212

https://werkzeug.palletsprojects.com/en/2.0.x/changes/
2021-10-18 15:00:39 +01:00

# Run `make freeze-requirements` to update requirements.txt
# with package version changes made in requirements-app.txt
cffi==1.14.5
celery[sqs]==3.1.26.post2 # pyup: <4
docopt==0.6.2
Flask-Bcrypt==0.7.1
flask-marshmallow==0.14.0
Flask-Migrate==2.7.0
git+https://github.com/mitsuhiko/flask-sqlalchemy.git@500e732dd1b975a56ab06a46bd1a20a21e682262#egg=Flask-SQLAlchemy==2.3.2.dev20190108
Flask==1.1.2
click-datetime==0.2
eventlet==0.30.2 # pyup: ignore # 0.31 breaks Gunicorn
gunicorn==20.1.0
iso8601==0.1.14
itsdangerous==1.1.0
jsonschema==3.2.0
marshmallow-sqlalchemy==0.23.1 # pyup: <0.24.0 # marshmallow v3 throws errors
marshmallow==2.21.0 # pyup: <3 # v3 throws errors
psycopg2-binary==2.8.6
PyJWT==2.0.1
SQLAlchemy==1.4.10
strict-rfc3339==0.7
rfc3987==1.3.8
cachetools==4.2.1
beautifulsoup4==4.9.3
lxml==4.6.3
Werkzeug==2.0.2
# higher version causes build to fail on PaaS due to lack of Rust
# see https://github.com/pyca/cryptography/issues/5810
cryptography<3.4 # pyup: <3.4
notifications-python-client==6.0.2
# PaaS
awscli-cwlogs==1.4.6
git+https://github.com/alphagov/notifications-utils.git@46.1.0#egg=notifications-utils==46.1.0
# gds-metrics requires prometheus 0.2.0, override that requirement as 0.7.1 brings significant performance gains
prometheus-client==0.10.1
gds-metrics==0.2.4
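
A check for the pin the commit message describes, added here as an example and not code from notifications-api: it parses requirement lines in the format above, including `# pyup:` filter comments and `#egg=` VCS entries, and reports whether a package is pinned exactly at or above a fixed version. The function names and the constructed sample are assumptions, and version comparison uses only the leading numeric release segments.

```python
import re

# Constructed sample in the format of requirements-app.txt (not the full file).
SAMPLE = """\
# Run `make freeze-requirements` to update requirements.txt
celery[sqs]==3.1.26.post2 # pyup: <4
Werkzeug==2.0.2
cryptography<3.4 # pyup: <3.4
git+https://github.com/alphagov/notifications-utils.git@46.1.0#egg=notifications-utils==46.1.0
"""

SPEC = re.compile(r"([A-Za-z0-9._-]+)(?:\[[^\]]*\])?(?:\s*(==|~=|<=|>=|<|>)\s*([^\s;,#]+))?")


def normalise(name):
    """PEP 503 normalisation, so 'Werkzeug' and 'werkzeug' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Leading numeric release only ('3.1.26.post2' -> (3, 1, 26)); a simplification."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in match.group(0).split(".")] if match else [0]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_pins(text):
    """Map normalised name -> (operator, version); VCS specs are read after '#egg='."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#egg=", 1)[-1].split("#", 1)[0].strip()
        match = SPEC.match(line)
        if match:
            pins[normalise(match.group(1))] = (match.group(2), match.group(3))
    return pins


def check_floor(text, package, fixed_in):
    """Return (ok, reason); ok only for an exact pin at or above fixed_in."""
    op, version = parse_pins(text).get(normalise(package), (None, None))
    if op is None:
        return False, "no version specified; resolved through another package"
    if op != "==":
        return False, f"not an exact pin ({op}{version})"
    if version_key(version) < version_key(fixed_in):
        return False, f"pinned to {version}, below {fixed_in}"
    return True, f"pinned to {version}"
```

Calling `check_floor(text, "Werkzeug", "2.0.2")` on the file's contents in CI catches both a removed pin and a downgrade below the version the commit message cites.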