#1933 - Regular Update For Dependencies (#1954)

#1933 - Regular Update For Dependencies
department-of-veterans-affairs · Aug 22, 2024 · 6e49f1e · 6e49f1e
1 parent 279b374
commit 6e49f1e
Show file tree

Hide file tree

Showing 4 changed files with 548 additions and 487 deletions.
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
@@ -94,7 +94,7 @@ jobs:
             VERSION=${{ inputs.ref }}
 
       - name: Deploy API task definition to Fargate
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ steps.render-api-container.outputs.task-definition }}
           service: ${{ inputs.environment }}-notification-api-service
@@ -138,7 +138,7 @@ jobs:
               VERSION=${{ inputs.ref }}
 
       - name: Deploy celery task definition to Fargate
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ steps.render-celery-container.outputs.task-definition }}
           service: ${{ inputs.environment }}-notification-celery-service
@@ -182,7 +182,7 @@ jobs:
             VERSION=${{ inputs.ref }}
 
       - name: Deploy celery beat task definition to Fargate
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ steps.render-celery-beat-container.outputs.task-definition }}
           service: ${{ inputs.environment }}-notification-celery-beat-service

diff --git a/.talismanrc b/.talismanrc
@@ -4,5 +4,5 @@ fileignoreconfig:
 - filename: app/notifications/process_notifications.py
   checksum: ae4e31c6eb56d91ec80ae09d13baf4558cf461c65f08893b93fee43f036a17a7
 - filename: poetry.lock
-  checksum: 01de45b83157d87e809cc92d3fd92a0456edca1ccfdd9390af5b71a0cdd93713
+  checksum: 224fdfd6b1954bf1e49dab464f6ea4d702cfe4b53e09916ffa43ee45b401cc02
 version: "1.0"
diff --git a/Makefile b/Makefile
@@ -32,10 +32,9 @@ install-safety:
 
 check-dependencies: install-safety ## Scan dependencies for security vulnerabilities
 	# 12 Dec 2023: 51668 is fixed with >= 2.0.0b1 of SQLAlchemy. Ongoing refactor to upgrade.
-	# 6 June 2024: 70612 vulnerability found with jinja2 version 3.1.3
-	# 14 Aug 2024: 71600 found in gunicorn version 22.0.0, will be addressed in regular dependencies update
+	# 22 Aug 2024: 70612 vulnerability found with jinja2 version 3.1.4. At this time, all versions of jinja2 are affected, but vulnerability is being disputed. https://nvd.nist.gov/vuln/detail/CVE-2019-8341
 
-	safety check -r poetry.lock --full-report -i 51668,70612,71600
+	safety check -r poetry.lock --full-report -i 51668,70612
 
 .PHONY:
 	help \