Merge branch 'main' into snyk-fix-6a94735f5ceb5104409ffaf618cd8806

GSA · Jul 19, 2024 · 36d28fd · 36d28fd
2 parents 0e6d860 + dd5961f
commit 36d28fd
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 8 deletions.
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -2,6 +2,9 @@
 name: Check for Snyk Vulnerabilities
 
 on:
+  pull_request:
+    branches:
+      - main
   workflow_dispatch:
   schedule:
     - cron: '0 12 * * *'  # every day at 12pm UTC
@@ -56,7 +59,7 @@ jobs:
           # Fail so that PR is created
           exit 1
       - name: Create Pull Request
-        if: ${{ failure() }}
+        if: ${{ failure() && github.event_name == 'schedule' }}
         id: scpr
         uses: peter-evans/create-pull-request@v5
         with:

diff --git a/ckan/requirements.in b/ckan/requirements.in
@@ -1,6 +1,6 @@
 # CKAN requirements and extensions
 git+https://github.com/GSA/ckan.git@ckan-2-10-4-fork#egg=ckan
-git+https://github.com/ckan/ckanext-dcat@master#egg=ckanext-dcat
+git+https://github.com/ckan/ckanext-dcat@v1.7.0#egg=ckanext-dcat
 -e git+https://github.com/GSA/ckanext-harvest.git@release-v1-5-6#egg=ckanext-harvest
 -e git+https://github.com/ckan/ckanext-spatial.git@v2.1.1#egg=ckanext-spatial
 git+https://github.com/GSA/ckanext-saml2auth.git@datagov#egg=ckanext-saml2auth
@@ -132,3 +132,6 @@ Werkzeug==2.0.3
 # pin numpy as 2.x causes array import issues w/ shapely
 numpy==1.26.4
 certifi>=2024.7.4
+
+# snyk finding
+setuptools>=70.0.0
diff --git a/ckan/requirements.txt b/ckan/requirements.txt
@@ -4,18 +4,18 @@ Babel==2.10.3
 Beaker==1.11.0
 bleach==5.0.1
 blinker==1.5
-boto3==1.34.140
-botocore==1.34.140
+boto3==1.34.145
+botocore==1.34.145
 certifi==2024.7.4
 cffi==1.16.0
 chardet==5.2.0
 charset-normalizer==3.3.2
 ckan @ git+https://github.com/GSA/ckan.git@7159a872ba740069b768fcd2a43cde81a57ee492
 -e git+https://github.com/ckan/ckanext-archiver.git@cbfadf9fbf10405958fdef9f77a7faedc05aa20b#egg=ckanext_archiver
 ckanext-datagovcatalog==0.1.0
-ckanext-datagovtheme==0.2.30
+ckanext-datagovtheme==0.2.31
 ckanext-datajson==0.1.25
-ckanext-dcat @ git+https://github.com/ckan/ckanext-dcat@83495ba99cba17398ba8feb1bc0da486f3798584
+ckanext-dcat @ git+https://github.com/ckan/ckanext-dcat@b8ebf24004cd3f3edb7f9d01c87c20259c102093
 ckanext-envvars==0.0.3
 ckanext-geodatagov==0.2.8
 -e git+https://github.com/GSA/ckanext-harvest.git@9039e7a5d563a40177d62487758b366ab77434b6#egg=ckanext_harvest
@@ -58,7 +58,7 @@ MarkupSafe==2.1.5
 messytables==0.15.2
 mypy==1.10.1
 mypy-extensions==1.0.0
-newrelic==9.11.0
+newrelic==9.12.0
 nose==1.3.7
 numpy==1.26.4
 OWSLib==0.31.0
@@ -93,7 +93,7 @@ rfc3987==1.3.8
 rq==1.11.0
 s3transfer==0.10.2
 sansjson==0.3.0
-setuptools==67.1.0
+setuptools==71.0.3
 shapely==2.0.1
 simplejson==3.18.0
 six==1.16.0

diff --git a/tools/harvest_source_import/dev-requirements.txt b/tools/harvest_source_import/dev-requirements.txt
@@ -2,3 +2,4 @@
 pytest>=5.4.2
 pytest-vcr>=1.0.2
 flake8>=3.8.1
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability