merge "master" into "SEA-178_test_actions_loading"

NTIA · May 15, 2024 · bbda375 · bbda375
2 parents 39d6c81 + 495f6d7
commit bbda375
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 16 deletions.
diff --git a/src/requirements-dev.in b/src/requirements-dev.in
@@ -9,4 +9,4 @@ tox>=4.0,<5.0
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
-aiohttp>=3.9.2        # CVE-2023-37276
+aiohttp>=3.9.4        # CVE-2024-30251, CVE-2024-27306
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile requirements-dev.in
 #
-aiohttp==3.9.3
+aiohttp==3.9.4
     # via
     #   -r requirements-dev.in
     #   aiohttp-cors
@@ -59,7 +59,9 @@ colorama==0.4.6
 colorful==0.5.5
     # via ray
 coverage[toml]==7.3.2
-    # via pytest-cov
+    # via
+    #   coverage
+    #   pytest-cov
 cryptography==42.0.4
     # via -r requirements.txt
 defusedxml==0.7.1
@@ -115,11 +117,11 @@ grpcio==1.59.3
     # via
     #   -r requirements.txt
     #   ray
-gunicorn==20.1.0
+gunicorn==22.0.0
     # via -r requirements.txt
 identify==2.5.32
     # via pre-commit
-idna==3.6
+idna==3.7
     # via
     #   -r requirements.txt
     #   requests
@@ -190,6 +192,7 @@ packaging==23.2
     # via
     #   -r requirements.txt
     #   drf-yasg
+    #   gunicorn
     #   marshmallow
     #   pyproject-api
     #   pytest
@@ -326,7 +329,7 @@ six==1.16.0
     #   sigmf
 smart-open==6.4.0
     # via ray
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements.txt
     #   django

diff --git a/src/requirements.in b/src/requirements.in
@@ -5,7 +5,7 @@ django-session-timeout>=0.1, <1.0
 drf-yasg>=1.0, <2.0
 environs>=9.0, <10.0
 filelock>=3.9, <4.0
-gunicorn>=20.0, <21.0
+gunicorn>=22.0, <23.0
 jsonfield>=3.0, <4.0
 packaging>=23.0, <24.0
 psycopg2-binary>=2.0, <3.0
@@ -15,6 +15,8 @@ scos_tekrsa @ git+https://github.com/NTIA/scos-tekrsa@7.0.1
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
-pyyaml>=5.4.0         # CVE-2020-14343
+idna>=3.7             # CVE-2024-3651
 grpcio>=1.53.0        # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
+pyyaml>=5.4.0         # CVE-2020-14343
+sqlparse>=0.5.0       # CVE-2024-4340
 urllib3>=1.26.18      # CVE-2023-45803
diff --git a/src/requirements.txt b/src/requirements.txt
@@ -57,10 +57,12 @@ grpcio==1.59.3
     # via
     #   -r requirements.in
     #   ray
-gunicorn==20.1.0
+gunicorn==22.0.0
     # via -r requirements.in
-idna==3.6
-    # via requests
+idna==3.7
+    # via
+    #   -r requirements.in
+    #   requests
 importlib-resources==6.1.1
     # via
     #   jsonschema
@@ -95,6 +97,7 @@ packaging==23.2
     # via
     #   -r requirements.in
     #   drf-yasg
+    #   gunicorn
     #   marshmallow
     #   ray
 pkgutil-resolve-name==1.3.10
@@ -156,8 +159,10 @@ six==1.16.0
     #   python-dateutil
     #   requests-mock
     #   sigmf
-sqlparse==0.4.4
-    # via django
+sqlparse==0.5.0
+    # via
+    #   -r requirements.in
+    #   django
 tekrsa-api-wrap==1.3.3
     # via scos-tekrsa
 typing-extensions==4.8.0
@@ -170,6 +175,3 @@ urllib3==2.1.0
     #   requests
 zipp==3.17.0
     # via importlib-resources
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools