From 430dfe7afbb6da00d1ace2ff3368722c059ac5fd Mon Sep 17 00:00:00 2001 From: Serhii Koropets <33310880+koropets@users.noreply.github.com> Date: Mon, 30 Sep 2024 10:52:16 +0300 Subject: [PATCH] Update dependencies 09.2024 (#1400) * Update dependencies 09.2024 * Fix CVE-2024-6345 * Fix CVE-2024-34156, CVE-2024-34156 * Temporary ignore CVE-2024-34156 --- .trivyignore | 2 + Dockerfile | 10 +- requirements/full_requirements.txt | 159 ++++++++++++++++------------- requirements/test_requirements.txt | 64 ++++++------ 4 files changed, 127 insertions(+), 108 deletions(-) diff --git a/.trivyignore b/.trivyignore index e69de29bb..09dcffb6a 100644 --- a/.trivyignore +++ b/.trivyignore @@ -0,0 +1,2 @@ +# There is no fix for this CVE in https://github.com/argoproj/argo-workflows CLI +CVE-2024-34156 diff --git a/Dockerfile b/Dockerfile index 10f51b893..0f3caadb6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,6 +10,9 @@ RUN apt-get update && apt-get install -y \ git \ && rm -rf /var/lib/apt/lists/* +# Fix CVE-2024-6345 +RUN pip install setuptools==70.0.0 + WORKDIR /code RUN rm -rf /code/dist \ && python setup.py sdist \ @@ -34,6 +37,9 @@ RUN apt-get update && apt-get install -y \ jq \ && rm -rf /var/lib/apt/lists/* +# Fix CVE-2024-6345 +RUN pip install setuptools==70.0.0 + # Install requirements separately for improved docker caching COPY --from=builder /code/prereq.txt . RUN pip install --no-deps -r prereq.txt --no-cache-dir @@ -47,7 +53,7 @@ RUN pip install gordo-packed.tar.gz[full] # Install GordoDeploy dependencies ARG HTTPS_PROXY -ARG KUBECTL_VERSION="v1.30.2" +ARG KUBECTL_VERSION="v1.31.1" #donwload & install kubectl RUN curl -sSL -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl &&\ 
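Review bot: The new `.trivyignore` entry suppresses CVE-2024-34156 for every component in the image, indefinitely, while the comment only justifies it for the argo-workflows CLI, and nothing records when the suppression should be revisited. Trivy's ignore file accepts an expiry suffix, so `CVE-2024-34156 exp:<REVIEW-DATE>` (confirm the Trivy version in CI supports `exp:`) would make the exception lapse on its own instead of silently outliving the argo bump that fixes it. The comment should also name the trigger for removal, e.g. `# argo CLI (ARGO_VERSIONS in Dockerfile) has no release fixing this yet; drop this line when the next argo bump is scanned clean`.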
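Review bot: The added `RUN pip install setuptools==70.0.0` in this hunk, and the identical line in the `@@ -34,6 +37,9 @@` hunk, omits `--no-cache-dir` although the other pip invocations in this file pass it, so the pip download cache is baked into the layer; `RUN pip install --no-cache-dir setuptools==70.0.0` keeps the stages consistent. Note that this pin only affects the setuptools the image itself runs (e.g. `python setup.py sdist` in the builder and whatever the scanner reports); when `pip install gordo-packed.tar.gz[full]` builds an sdist with build isolation it presumably provisions its own setuptools, so the `# Fix CVE-2024-6345` comment should say which of the two cases it is addressing. The pin is also duplicated rather than defined once, so a future bump has to be applied in both stages.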
@@ -74,7 +80,7 @@ RUN cp ${HOME}/build.sh /usr/bin/build \ WORKDIR ${HOME} #download & install argo -ENV ARGO_VERSIONS="[{\"number\":3,\"version\":\"3.5.8\"}]" +ENV ARGO_VERSIONS="[{\"number\":3,\"version\":\"3.5.11\"}]" COPY scripts/download_argo.py ./download_argo.py RUN python3 ./download_argo.py -o /usr/local/bin diff --git a/requirements/full_requirements.txt b/requirements/full_requirements.txt index 642d64ee0..ad2d40e2f 100644 --- a/requirements/full_requirements.txt +++ b/requirements/full_requirements.txt @@ -13,11 +13,11 @@ adal==1.2.7 # via # azureml-core # msrestazure -alembic==1.13.2 +alembic==1.13.3 # via mlflow aniso8601==9.0.1 # via graphene -argcomplete==3.4.0 +argcomplete==3.5.0 # via # azureml-core # knack @@ -33,7 +33,7 @@ azure-common==1.1.28 # azure-mgmt-resource # azure-mgmt-storage # azureml-core -azure-core==1.30.2 +azure-core==1.31.0 # via # azure-mgmt-core # azureml-core @@ -52,9 +52,9 @@ azure-mgmt-core==1.4.0 # azure-mgmt-network # azure-mgmt-resource # azure-mgmt-storage -azure-mgmt-keyvault==10.3.0 +azure-mgmt-keyvault==10.3.1 # via azureml-core -azure-mgmt-network==25.4.0 +azure-mgmt-network==26.0.0 # via azureml-core azure-mgmt-resource==23.1.1 # via azureml-core @@ -66,19 +66,20 @@ backports-tempfile==1.0 # via azureml-core backports-weakref==1.0.post1 # via backports-tempfile -bcrypt==4.1.3 +bcrypt==4.2.0 # via paramiko blinker==1.8.2 # via flask -cachetools==5.3.3 +cachetools==5.5.0 # via + # google-auth # gordo-core - # mlflow -certifi==2024.7.4 + # mlflow-skinny +certifi==2024.8.30 # via # msrest # requests -cffi==1.16.0 +cffi==1.17.1 # via # cryptography # pynacl @@ -88,14 +89,14 @@ click==8.1.7 # via # flask # gordo-client - # mlflow + # mlflow-skinny cloudpickle==3.0.0 - # via mlflow + # via mlflow-skinny contextlib2==21.6.0 # via azureml-core -contourpy==1.2.1 +contourpy==1.3.0 # via matplotlib -cryptography==42.0.8 +cryptography==43.0.1 # via # adal # msal 
@@ -105,32 +106,36 @@ cryptography==42.0.8 # secretstorage cycler==0.12.1 # via matplotlib +databricks-sdk==0.33.0 + # via mlflow-skinny dataclasses-json==0.6.7 # via -r requirements.in deprecated==1.2.14 - # via opentelemetry-api + # via + # opentelemetry-api + # opentelemetry-semantic-conventions dictdiffer==0.9.0 # via -r requirements.in docker==7.1.0 # via # azureml-core # mlflow -entrypoints==0.4 - # via mlflow flask==2.3.3 # via # -r requirements.in # mlflow flatbuffers==24.3.25 # via tensorflow -fonttools==4.53.0 +fonttools==4.54.1 # via matplotlib gast==0.6.0 # via tensorflow gitdb==4.0.11 # via gitpython gitpython==3.1.43 - # via mlflow + # via mlflow-skinny +google-auth==2.35.0 + # via databricks-sdk google-pasta==0.2.0 # via tensorflow gordo-client==6.3.0 @@ -139,13 +144,15 @@ gordo-core==0.3.6 # via gordo-client graphene==3.3 # via mlflow -graphql-core==3.2.3 +graphql-core==3.2.4 # via # graphene # graphql-relay graphql-relay==3.2.0 # via graphene -grpcio==1.64.1 +greenlet==3.1.1 + # via sqlalchemy +grpcio==1.66.2 # via # tensorboard # tensorflow @@ -153,17 +160,17 @@ gunicorn==22.0.0 # via # -r requirements.in # mlflow -h5py==3.11.0 +h5py==3.12.1 # via # keras # tensorflow humanfriendly==10.0 # via azureml-core -idna==3.7 +idna==3.10 # via requests -importlib-metadata==7.1.0 +importlib-metadata==8.4.0 # via - # mlflow + # mlflow-skinny # opentelemetry-api influxdb==5.3.2 # via gordo-core @@ -191,14 +198,14 @@ jmespath==1.0.1 # knack joblib==1.4.2 # via scikit-learn -jsonpickle==3.2.2 +jsonpickle==3.3.0 # via azureml-core keras==3.3.3 # via # -r requirements.in # scikeras # tensorflow -kiwisolver==1.4.5 +kiwisolver==1.4.7 # via matplotlib knack==0.11.0 # via azureml-core @@ -206,7 +213,7 @@ libclang==18.1.1 # via tensorflow mako==1.3.5 # via alembic -markdown==3.6 +markdown==3.7 # via # mlflow # tensorboard 
@@ -217,9 +224,9 @@ markupsafe==2.1.5 # jinja2 # mako # werkzeug -marshmallow==3.21.3 +marshmallow==3.22.0 # via dataclasses-json -matplotlib==3.9.1 +matplotlib==3.9.2 # via mlflow mdurl==0.1.2 # via markdown-it-py @@ -227,15 +234,17 @@ ml-dtypes==0.3.2 # via # keras # tensorflow -mlflow==2.14.2 +mlflow==2.16.2 # via -r mlflow_requirements.in -msal==1.29.0 +mlflow-skinny==2.16.2 + # via mlflow +msal==1.31.0 # via # azureml-core # msal-extensions msal-extensions==1.2.0 # via azureml-core -msgpack==1.0.8 +msgpack==1.1.0 # via influxdb msrest==0.7.1 # via @@ -264,7 +273,6 @@ numpy==1.26.4 # ml-dtypes # mlflow # numexpr - # opt-einsum # pandas # pyarrow # scikit-learn @@ -274,18 +282,18 @@ numpy==1.26.4 # xarray oauthlib==3.2.2 # via requests-oauthlib -opentelemetry-api==1.25.0 +opentelemetry-api==1.27.0 # via - # mlflow + # mlflow-skinny # opentelemetry-sdk # opentelemetry-semantic-conventions -opentelemetry-sdk==1.25.0 - # via mlflow -opentelemetry-semantic-conventions==0.46b0 +opentelemetry-sdk==1.27.0 + # via mlflow-skinny +opentelemetry-semantic-conventions==0.48b0 # via opentelemetry-sdk -opt-einsum==3.3.0 +opt-einsum==3.4.0 # via tensorflow -optree==0.11.0 +optree==0.12.1 # via keras packaging==24.1 # via @@ -295,7 +303,7 @@ packaging==24.1 # knack # marshmallow # matplotlib - # mlflow + # mlflow-skinny # tensorflow # xarray pandas==1.5.3 @@ -303,23 +311,23 @@ pandas==1.5.3 # gordo-core # mlflow # xarray -paramiko==3.4.0 +paramiko==3.5.0 # via azureml-core pathspec==0.12.1 # via azureml-core -peewee==3.17.5 +peewee==3.17.6 # via -r postgres_requirements.in pillow==10.4.0 # via matplotlib pkginfo==1.11.1 # via azureml-core -portalocker==2.10.0 +portalocker==2.10.1 # via msal-extensions -prometheus-client==0.20.0 +prometheus-client==0.21.0 # via -r requirements.in -protobuf==4.25.3 +protobuf==4.25.5 # via - # mlflow + # mlflow-skinny # tensorboard # tensorflow psycopg2-binary==2.9.9 
@@ -328,28 +336,33 @@ pyarrow==14.0.2 # via # gordo-core # mlflow -pyasn1==0.6.0 - # via ndg-httpsclient +pyasn1==0.6.1 + # via + # ndg-httpsclient + # pyasn1-modules + # rsa +pyasn1-modules==0.4.1 + # via google-auth pycparser==2.22 # via cffi -pydantic==1.10.17 +pydantic==1.10.18 # via gordo-client pygments==2.18.0 # via # knack # rich -pyjwt[crypto]==2.8.0 +pyjwt[crypto]==2.9.0 # via # adal # azureml-core # msal pynacl==1.5.0 # via paramiko -pyopenssl==24.1.0 +pyopenssl==24.2.1 # via # azureml-core # ndg-httpsclient -pyparsing==3.1.2 +pyparsing==3.1.4 # via matplotlib pysocks==1.7.1 # via requests @@ -361,51 +374,51 @@ python-dateutil==2.9.0.post0 # influxdb # matplotlib # pandas -pytz==2024.1 +pytz==2024.2 # via # azureml-core # influxdb - # mlflow # pandas -pyyaml==6.0.1 +pyyaml==6.0.2 # via # gordo-client # knack - # mlflow -querystring-parser==1.2.4 - # via mlflow + # mlflow-skinny requests[socks]==2.32.3 # via # adal # azure-core # azureml-core + # databricks-sdk # docker # gordo-client # influxdb - # mlflow + # mlflow-skinny # msal # msrest # requests-oauthlib # tensorflow requests-oauthlib==2.0.0 # via msrest -rich==13.7.1 +rich==13.8.1 # via keras +rsa==4.9 + # via google-auth scikeras==0.13.0 # via -r requirements.in -scikit-learn==1.5.1 +scikit-learn==1.5.2 # via # gordo-core # mlflow # scikeras -scipy==1.14.0 +scipy==1.14.1 # via # gordo-core # mlflow # scikit-learn secretstorage==3.3.3 # via azureml-core -simplejson==3.19.2 +simplejson==3.19.3 # via # -r requirements.in # gordo-client @@ -418,17 +431,16 @@ six==1.16.0 # isodate # msrestazure # python-dateutil - # querystring-parser # tensorboard # tensorflow smmap==5.0.1 # via gitdb -sqlalchemy==2.0.31 +sqlalchemy==2.0.35 # via # alembic # mlflow -sqlparse==0.5.0 - # via mlflow +sqlparse==0.5.1 + # via mlflow-skinny tabulate==0.9.0 # via knack tensorboard==2.16.2 @@ -447,6 +459,7 @@ typing-extensions==4.12.2 # via # alembic # azure-core + # azure-mgmt-keyvault # opentelemetry-sdk # optree # pydantic 
@@ -455,16 +468,16 @@ typing-extensions==4.12.2 # typing-inspect typing-inspect==0.9.0 # via dataclasses-json -urllib3==2.2.2 +urllib3==2.2.3 # via # azureml-core # docker # requests -werkzeug==3.0.3 +werkzeug==3.0.4 # via # flask # tensorboard -wheel==0.43.0 +wheel==0.44.0 # via astunparse wrapt==1.16.0 # via @@ -473,7 +486,7 @@ wrapt==1.16.0 # tensorflow xarray==2023.12.0 # via gordo-core -zipp==3.19.2 +zipp==3.20.2 # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: diff --git a/requirements/test_requirements.txt b/requirements/test_requirements.txt index 69507dae7..9d23443f3 100644 --- a/requirements/test_requirements.txt +++ b/requirements/test_requirements.txt @@ -4,12 +4,10 @@ # # pip-compile --no-emit-index-url --output-file=test_requirements.txt test_requirements.in # -anyio==4.4.0 +anyio==4.6.0 # via # httpx # jupyter-server -appnope==0.1.4 - # via ipykernel argon2-cffi==23.1.0 # via jupyter-server argon2-cffi-bindings==21.2.0 @@ -20,12 +18,12 @@ asttokens==2.4.1 # via stack-data async-lru==2.0.4 # via jupyterlab -attrs==23.2.0 +attrs==24.2.0 # via # jsonschema # pytest-mypy # referencing -babel==2.15.0 +babel==2.16.0 # via jupyterlab-server beautifulsoup4==4.12.3 # via nbconvert @@ -53,9 +51,9 @@ click==8.1.7 # black comm==0.2.2 # via ipykernel -coverage[toml]==7.5.4 +coverage[toml]==7.6.1 # via pytest-cov -debugpy==1.8.1 +debugpy==1.8.6 # via ipykernel decorator==5.1.1 # via ipython @@ -67,11 +65,11 @@ docker==7.1.0 # -r test_requirements.in execnet==2.1.1 # via pytest-xdist -executing==2.0.1 +executing==2.1.0 # via stack-data fastjsonschema==2.20.0 # via nbformat -filelock==3.15.4 +filelock==3.16.1 # via pytest-mypy fqdn==1.5.1 # via jsonschema @@ -79,7 +77,7 @@ h11==0.14.0 # via httpcore httpcore==1.0.5 # via httpx -httpx==0.27.0 +httpx==0.27.2 # via jupyterlab idna==3.7 # via 
@@ -90,9 +88,9 @@ idna==3.7 # requests iniconfig==2.0.0 # via pytest -ipykernel==6.29.4 +ipykernel==6.29.5 # via jupyterlab -ipython==8.25.0 +ipython==8.27.0 # via ipykernel isoduration==20.11.0 # via jsonschema @@ -109,14 +107,14 @@ json5==0.9.25 # via jupyterlab-server jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.22.0 +jsonschema[format-nongpl]==4.23.0 # via # jupyter-events # jupyterlab-server # nbformat jsonschema-specifications==2023.12.1 # via jsonschema -jupyter-client==8.6.2 +jupyter-client==8.6.3 # via # ipykernel # jupyter-server @@ -134,7 +132,7 @@ jupyter-events==0.10.0 # via jupyter-server jupyter-lsp==2.2.5 # via jupyterlab -jupyter-server==2.14.1 +jupyter-server==2.14.2 # via # jupyter-lsp # jupyterlab @@ -143,11 +141,11 @@ jupyter-server==2.14.1 # notebook-shim jupyter-server-terminals==0.5.3 # via jupyter-server -jupyterlab==4.2.2 +jupyterlab==4.2.5 # via notebook jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.27.2 +jupyterlab-server==2.27.3 # via # jupyterlab # notebook @@ -164,7 +162,7 @@ mistune==3.0.2 # via nbconvert mock==5.1.0 # via -r test_requirements.in -mypy==1.10.0 +mypy==1.11.2 # via pytest-mypy mypy-extensions==1.0.0 # via @@ -184,7 +182,7 @@ nbformat==5.10.4 # nbconvert nest-asyncio==1.6.0 # via ipykernel -notebook==7.2.1 +notebook==7.2.2 # via -r test_requirements.in notebook-shim==0.2.4 # via @@ -212,7 +210,7 @@ pathspec==0.12.1 # black pexpect==4.9.0 # via ipython -platformdirs==4.2.2 +platformdirs==4.3.6 # via # black # jupyter-core @@ -222,7 +220,7 @@ prometheus-client==0.20.0 # via # -c full_requirements.txt # jupyter-server -prompt-toolkit==3.0.47 +prompt-toolkit==3.0.48 # via ipython psutil==6.0.0 # via ipykernel @@ -230,7 +228,7 @@ ptyprocess==0.7.0 # via # pexpect # terminado -pure-eval==0.2.2 +pure-eval==0.2.3 # via stack-data py-cpuinfo==9.0.0 # via pytest-benchmark 
@@ -245,7 +243,7 @@ pygments==2.18.0 # -c full_requirements.txt # ipython # nbconvert -pytest==8.2.2 +pytest==8.3.3 # via # -r test_requirements.in # pytest-benchmark @@ -281,7 +279,7 @@ pyyaml==6.0.1 # -c full_requirements.txt # jupyter-events # responses -pyzmq==26.0.3 +pyzmq==26.2.0 # via # ipykernel # jupyter-client @@ -307,7 +305,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.18.1 +rpds-py==0.20.0 # via # jsonschema # referencing @@ -324,7 +322,7 @@ sniffio==1.3.1 # via # anyio # httpx -soupsieve==2.5 +soupsieve==2.6 # via beautifulsoup4 stack-data==0.6.3 # via ipython @@ -358,19 +356,19 @@ traitlets==5.14.3 # nbformat types-mock==5.1.0.20240425 # via -r test_requirements.in -types-python-dateutil==2.9.0.20240316 +types-python-dateutil==2.9.0.20240906 # via # -r test_requirements.in # arrow -types-pytz==2024.1.0.20240417 +types-pytz==2024.2.0.20240913 # via -r test_requirements.in -types-pyyaml==6.0.12.20240311 +types-pyyaml==6.0.12.20240917 # via -r test_requirements.in -types-requests==2.32.0.20240622 +types-requests==2.32.0.20240914 # via -r test_requirements.in -types-setuptools==70.0.0.20240524 +types-setuptools==75.1.0.20240917 # via -r test_requirements.in -types-simplejson==3.19.0.20240310 +types-simplejson==3.19.0.20240801 # via -r test_requirements.in typing-extensions==4.12.2 # via @@ -388,7 +386,7 @@ urllib3==2.2.2 # types-requests wcwidth==0.2.13 # via prompt-toolkit -webcolors==24.6.0 +webcolors==24.8.0 # via jsonschema webencodings==0.5.1 # via