From 50653435fcda88b9a96cc626cafe03b1087384d7 Mon Sep 17 00:00:00 2001 From: nickumia-reisys Date: Tue, 18 Jun 2024 12:06:59 +0000 Subject: [PATCH 01/14] Update Pip Requirements --- requirements.in.txt | 1 + requirements.txt | 24 ++++++++++++------------ 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/requirements.in.txt b/requirements.in.txt index 9386666b..cc30b018 100644 --- a/requirements.in.txt +++ b/requirements.in.txt @@ -95,3 +95,4 @@ pyparsing # need to avoid solr missing module error on cloud.gov # duplicate Werkzeug[watchdog]==2.0.3 requrements from ckan list # so that snyk doesn't complain about the version mismatch Werkzeug==2.0.3 +urllib3>=1.26.19 diff --git a/requirements.txt b/requirements.txt index f74c1208..4405aa98 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,9 +5,9 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.111 -botocore==1.34.111 -certifi==2024.2.2 +boto3==1.34.128 +botocore==1.34.128 +certifi==2024.6.2 cffi==1.16.0 chardet==5.2.0 charset-normalizer==3.3.2 @@ -22,7 +22,7 @@ ckanext-usmetadata==0.3.2 -e git+https://github.com/ckan/ckanext-xloader.git@dd475e70255da1e46b93e2193bf3e20f2e694db5#egg=ckanext_xloader ckantoolkit==0.0.7 click==8.1.3 -cryptography==42.0.7 +cryptography==42.0.8 defusedxml==0.7.1 dominate==2.7.0 elementpath==4.4.0 @@ -38,7 +38,7 @@ greenlet==2.0.2 gunicorn==22.0.0 html5lib==1.1 idna==3.7 -ijson==3.2.3 +ijson==3.3.0 importlib-resources==5.13.0 itsdangerous==2.0.1 Jinja2==3.1.4 @@ -54,10 +54,10 @@ MarkupSafe==2.0.1 messytables==0.15.2 mypy==1.10.0 mypy-extensions==1.0.0 -newrelic==9.9.1 +newrelic==9.11.0 nose==1.3.7 -openpyxl==3.1.2 -packaging==24.0 +openpyxl==3.1.4 +packaging==24.1 passlib==1.7.4 pika==1.3.2 pip==24.0 @@ -75,8 +75,8 @@ pytz==2024.1 pytz-deprecation-shim==0.1.0.post0 PyUtilib==6.0.0 PyYAML==6.0.1 -redis==5.0.4 -requests==2.32.2 +redis==5.0.6 +requests==2.32.3 rfc3987==1.3.8 rq==1.11.0 s3transfer==0.10.1 
@@ -94,8 +94,8 @@ tzdata==2024.1
 tzlocal==4.2
 unicodecsv==0.14.1
 Unidecode==1.0.22
-urllib3==1.26.18
-watchdog==4.0.0
+urllib3==1.26.19
+watchdog==4.0.1
 webassets==2.0
 webencodings==0.5.1
 Werkzeug==2.0.3
From 131abed7f10035489aa16e4bfa1f7524f75c2f5d Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 18 Jun 2024 20:43:46 +0000
Subject: [PATCH 02/14] fix: requirements-dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
---
 requirements-dev.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 5d07002d..f8720e61 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -23,3 +23,4 @@ sphinx-rtd-theme==0.4.3
 pygments>=2.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
 ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
From 00550b11a0240da7229a4bb6915c73551dfcb210 Mon Sep 17 00:00:00 2001
From: Tyler Burton
Date: Tue, 18 Jun 2024 16:47:56 -0500
Subject: [PATCH 03/14] adds freeze requirements script; alphabetizes make commands
---
 .github/workflows/commit.yml | 2 +-
 Makefile | 35 +++++++++++++++++++----------------
 docker-compose.test.yml | 1 -
 docker-compose.yml | 1 -
 freeze-requirements.sh | 20 ++++++++++++++++++++
 requirements.txt | 4 ++--
 6 files changed, 42 insertions(+), 21 deletions(-)
 create mode 100755 freeze-requirements.sh
diff --git a/.github/workflows/commit.yml b/.github/workflows/commit.yml
index 7a65f06e..09a976eb 100644
--- a/.github/workflows/commit.yml
+++ b/.github/workflows/commit.yml
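Review bot: In requirements-dev.txt (PATCH 02/14) the added floor `urllib3>=2.2.2` cannot be satisfied together with the `urllib3==1.26.19` pin that PATCH 01 writes to requirements.txt, so an environment that installs both files (not visible here) will either fail to resolve or run tests on a different urllib3 major version than the runtime. PATCH 01 already moves the 1.26 line to 1.26.19, which suggests the advisory is also addressed on that branch; that is worth confirming against the Snyk entry linked in the commit message. A floor that matches the runtime constraint, `urllib3>=1.26.19 # not directly required, pinned by Snyk to avoid a vulnerability`, keeps dev and runtime on the same major version.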
@@ -34,7 +34,7 @@ jobs: - name: test run: make build test - name: test extension - run: make test_extension + run: make test-extension - name: cypress-artifacts uses: actions/upload-artifact@v3 if: failure() diff --git a/Makefile b/Makefile index 15ea8f05..57ac45ac 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,12 @@ build: clean: docker compose down -v --remove-orphans +clear-solr-volume: + # Destructive + docker stop $(shell docker volume rm catalogdatagov_solr_data 2>&1 | cut -d "[" -f2 | cut -d "]" -f1) + docker rm $(shell docker volume rm catalogdatagov_solr_data 2>&1 | cut -d "[" -f2 | cut -d "]" -f1) + docker volume rm catalogdatagov_solr_data + cypress: # Turn on local system, and open cypress in interactive mode docker compose up -d && cd e2e && npm install && npm run test 
@@ -17,33 +23,30 @@ debug: # so that we have interactive console access for the debugger. docker compose stop ckan ; docker compose run --service-ports ckan -requirements: - docker compose run --rm -T ckan /app/bin/requirements.sh - lint: flake8 . --count --show-source --statistics +requirements: + docker compose run --rm -T ckan /app/bin/requirements.sh + restart: docker compose restart ckan -test-build: - docker compose -f docker-compose.yml -f docker-compose.test.yml build - test: docker compose -f docker-compose.yml -f docker-compose.test.yml up --abort-on-container-exit test -test_extension: - docker compose run --rm -T ckan pytest --cov=ckanext.datagov_inventory --disable-warnings /app/ckanext/datagov_inventory/tests/ - -up: - docker compose up $(ARGS) +test-build: + docker compose -f docker-compose.yml -f docker-compose.test.yml build -clear-solr-volume: - # Destructive - docker stop $(shell docker volume rm catalogdatagov_solr_data 2>&1 | cut -d "[" -f2 | cut -d "]" -f1) - docker rm $(shell docker volume rm catalogdatagov_solr_data 2>&1 | cut -d "[" -f2 | cut -d "]" -f1) - docker volume rm catalogdatagov_solr_data +test-extension: + docker compose run --rm -T ckan pytest --cov=ckanext.datagov_inventory --disable-warnings /app/ckanext/datagov_inventory/tests/ unlock-solr-volume: # Corruptible docker compose run solr /bin/bash -c "rm -rf /var/solr/data/ckan/data/index/write.lock" + +up: + docker compose up $(ARGS) + +update-dependencies: + docker compose run --rm -T ckan /app/freeze-requirements.sh $(shell id -u) $(shell id -g) diff --git a/docker-compose.test.yml b/docker-compose.test.yml index ff8316d6..3dd4686f 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,4 +1,3 @@ -version: '3' services: ckan: environment: diff --git a/docker-compose.yml b/docker-compose.yml index 003ac9c7..4b333000 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3' services: ckan: image: datagov/inventory-app:2.10.4 
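Review bot: In the Makefile hunk of PATCH 03/14, the new `update-dependencies` recipe passes `$(shell id -u) $(shell id -g)` to `/app/freeze-requirements.sh`, but the script added in the same commit never reads `$1` or `$2`, so the arguments have no effect. If the intent is to keep the regenerated `/app/requirements.txt` owned by the invoking user rather than the container user, the script needs something like `chown "$1:$2" /app/requirements.txt`; otherwise the two arguments should be dropped. The target is a command rather than a file, and whether it is declared under `.PHONY` cannot be seen from this hunk.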
diff --git a/freeze-requirements.sh b/freeze-requirements.sh new file mode 100755 index 00000000..3642938a --- /dev/null +++ b/freeze-requirements.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +set -o errexit +set -o pipefail + +venv=$(mktemp -d) + +function cleanup () { + rm -rf $venv +} + +trap cleanup EXIT + +pip3 install virtualenv + +virtualenv $venv +${venv}/bin/pip3 install setuptools==67.1.0 +${venv}/bin/pip3 install -r /app/requirements.in.txt + +${venv}/bin/pip3 freeze --all > /app/requirements.txt diff --git a/requirements.txt b/requirements.txt index 4405aa98..d642fc80 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,8 +5,8 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.128 -botocore==1.34.128 +boto3==1.34.129 +botocore==1.34.129 certifi==2024.6.2 cffi==1.16.0 chardet==5.2.0 From cfecde998ee2e6836cf73e34638567298ff5809c Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Tue, 18 Jun 2024 16:51:49 -0500 Subject: [PATCH 04/14] removes lint err --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 61be93e8..d3325bed 100644 --- a/setup.py +++ b/setup.py @@ -40,7 +40,7 @@ 'Development Status :: 4 - Beta', # Pick your license as you wish (should match "license" above) - 'License :: OSI Approved :: GNU Affero General Public License'\ + 'License :: OSI Approved :: GNU Affero General Public License' ' v3 or later (AGPLv3+)', # Specify the Python versions you support here. In particular, ensure From c39c405c739f35747b94f3b0a1858db1a917acfe Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 20 Jun 2024 09:36:51 -0500 Subject: [PATCH 05/14] updates urllib --- requirements-dev.txt | 1 - requirements.in.txt | 4 ++-- requirements.txt | 6 +++--- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index f8720e61..5d07002d 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt 
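Review bot: In freeze-requirements.sh (PATCH 03/14) the last line redirects straight into `/app/requirements.txt`, and the shell truncates that file before `pip3 freeze` starts, so a failing freeze leaves the lock file empty. Writing to a temporary file and moving it into place only on success avoids that, e.g. `"${venv}/bin/pip3" freeze --all > "${venv}/requirements.txt" && mv "${venv}/requirements.txt" /app/requirements.txt`. `$venv` is unquoted in `rm -rf $venv` and in the `virtualenv` call; quoting it (`rm -rf "$venv"`) and adding `set -o nounset` keeps the cleanup predictable if the path ever contains whitespace or the variable is unset. `pip3 install virtualenv` pulls an unpinned package into the container's global environment at run time; `python3 -m venv "$venv"` would remove that extra download from the dependency-refresh path.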
@@ -23,4 +23,3 @@ sphinx-rtd-theme==0.4.3 pygments>=2.7.4 # not directly required, pinned by Snyk to avoid a vulnerability ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability -urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability diff --git a/requirements.in.txt b/requirements.in.txt index cc30b018..09f86744 100644 --- a/requirements.in.txt +++ b/requirements.in.txt @@ -85,7 +85,6 @@ wheel==0.42.0 # avoid ImportError error https://github.com/GSA/data.gov/issues/4396 importlib-resources<6.0 gevent>=23.9.0 -urllib3~=1.26.17 cryptography>=42.0.4 pip>=23.3 jinja2>=3.1.4 @@ -95,4 +94,5 @@ pyparsing # need to avoid solr missing module error on cloud.gov # duplicate Werkzeug[watchdog]==2.0.3 requrements from ckan list # so that snyk doesn't complain about the version mismatch Werkzeug==2.0.3 -urllib3>=1.26.19 +urllib3>=2.2.2 + diff --git a/requirements.txt b/requirements.txt index d642fc80..2ebdfd8a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,8 +5,8 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.129 -botocore==1.34.129 +boto3==1.34.130 +botocore==1.34.130 certifi==2024.6.2 cffi==1.16.0 chardet==5.2.0 @@ -94,7 +94,7 @@ tzdata==2024.1 tzlocal==4.2 unicodecsv==0.14.1 Unidecode==1.0.22 -urllib3==1.26.19 +urllib3==2.2.2 watchdog==4.0.1 webassets==2.0 webencodings==0.5.1 From 7dff16ece5646cb100ec66fc7a896798f173671e Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 20 Jun 2024 13:37:02 -0500 Subject: [PATCH 06/14] remove unnecessary script --- Makefile | 5 +---- freeze-requirements.sh | 20 -------------------- 2 files changed, 1 insertion(+), 24 deletions(-) delete mode 100755 freeze-requirements.sh diff --git a/Makefile b/Makefile index 57ac45ac..bc9200ee 100644 --- a/Makefile +++ b/Makefile 
@@ -46,7 +46,4 @@ unlock-solr-volume: docker compose run solr /bin/bash -c "rm -rf /var/solr/data/ckan/data/index/write.lock" up: - docker compose up $(ARGS) - -update-dependencies: - docker compose run --rm -T ckan /app/freeze-requirements.sh $(shell id -u) $(shell id -g) + docker compose up $(ARGS) \ No newline at end of file diff --git a/freeze-requirements.sh b/freeze-requirements.sh deleted file mode 100755 index 3642938a..00000000 --- a/freeze-requirements.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash - -set -o errexit -set -o pipefail - -venv=$(mktemp -d) - -function cleanup () { - rm -rf $venv -} - -trap cleanup EXIT - -pip3 install virtualenv - -virtualenv $venv -${venv}/bin/pip3 install setuptools==67.1.0 -${venv}/bin/pip3 install -r /app/requirements.in.txt - -${venv}/bin/pip3 freeze --all > /app/requirements.txt From 87d9933935852643fba664ad0fcaae87b0470c97 Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Fri, 21 Jun 2024 11:21:42 -0500 Subject: [PATCH 07/14] downgrade urllib; bumps python version in snyk file --- .github/workflows/snyk.yml | 7 ++++--- requirements.in.txt | 2 +- requirements.txt | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 45efc806..b3188db8 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -13,10 +13,11 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python 3.10 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: 3.10.14 + cache: 'pip' - name: Display Python version run: python -c "import sys; print(sys.version)" - name: Install Dependencies diff --git a/requirements.in.txt b/requirements.in.txt index 09f86744..083f583a 100644 --- a/requirements.in.txt +++ b/requirements.in.txt 
@@ -94,5 +94,5 @@ pyparsing # need to avoid solr missing module error on cloud.gov # duplicate Werkzeug[watchdog]==2.0.3 requrements from ckan list # so that snyk doesn't complain about the version mismatch Werkzeug==2.0.3 -urllib3>=2.2.2 +urllib3>=1.26.19 diff --git a/requirements.txt b/requirements.txt index 2ebdfd8a..4165b20c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,8 +5,8 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.130 -botocore==1.34.130 +boto3==1.34.131 +botocore==1.34.131 certifi==2024.6.2 cffi==1.16.0 chardet==5.2.0 From 75fe6a329fce38feb2f2533ad3c744171b7c11fe Mon Sep 17 00:00:00 2001 From: Jin-Sun-tts Date: Tue, 2 Jul 2024 13:45:39 -0400 Subject: [PATCH 08/14] extended the snyk exception date --- .snyk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.snyk b/.snyk index a75fbfcc..36fcacac 100644 --- a/.snyk +++ b/.snyk @@ -28,7 +28,7 @@ ignore: reason: >- Upgrade path is complex, Issue tracked in github: https://github.com/GSA/data.gov/issues/4217 - expires: 2024-06-01T16:20:58.017Z + expires: 2024-09-30T16:20:58.017Z created: 2023-02-15T16:20:58.023Z SNYK-PYTHON-FLASK-5490129: - '*': @@ -66,19 +66,19 @@ ignore: - '*': reason: >- Not affecting us since no debugger is enabled in cloud.gov apps - expires: 2024-06-31T16:20:58.017Z + expires: 2024-09-30T16:20:58.017Z SNYK-PYTHON-CRYPTOGRAPHY-7161587: - '*': reason: >- No remediation available yet. Issue tracked in github: https://github.com/GSA/data.gov/issues/4781 - expires: 2024-06-31T16:20:58.017Z + expires: 2024-09-30T16:20:58.017Z SNYK-PYTHON-PYOPENSSL-7161590: - '*': reason: >- No remediation available yet. Issue tracked in github: https://github.com/GSA/data.gov/issues/4782 - expires: 2024-06-31T16:20:58.017Z + expires: 2024-09-30T16:20:58.017Z patch: {} # specify the directories or files to be excludeed from import: exclude: From df71bc766018b38a0fc18c8689fb7e685f5291e8 Mon Sep 17 00:00:00 2001 
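Review bot: In requirements.in.txt (PATCH 07/14), lowering the floor to `urllib3>=1.26.19` does not downgrade anything: the requirements.txt diff in this commit only touches boto3/botocore, so the `urllib3==2.2.2` pin from PATCH 05 stays, and 2.2.2 still satisfies the new constraint. If "downgrade urllib" means returning to the 1.26 line, as the earlier `urllib3~=1.26.17` entry enforced, the input needs an upper bound such as `urllib3>=1.26.19,<2` and requirements.txt has to be regenerated. If staying on 2.x is intended, a one-line comment next to the constraint saying so would spare the next reader of a Snyk alert the same question.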
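Review bot: In .snyk (PATCH 08/14) the four `expires` values move to 2024-09-30 while every `reason` is left as written, so the ignores are renewed without a visible re-check. Two of them say "No remediation available yet", and PATCH 01 in this series already moved cryptography from 42.0.7 to 42.0.8, so it is worth confirming that SNYK-PYTHON-CRYPTOGRAPHY-7161587 and SNYK-PYTHON-PYOPENSSL-7161590 are still unfixed before extending them. The first entry was created 2023-02-15, so this extension carries it past a year and a half; a note in the linked GitHub issue recording why it is still acceptable would keep the exception auditable. The replaced `2024-06-31` values were not valid calendar dates, so moving to `09-30` is a correct fix in its own right.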
From: nickumia-reisys Date: Sun, 7 Jul 2024 12:05:41 +0000 Subject: [PATCH 09/14] Update Pip Requirements --- requirements.in.txt | 2 +- requirements.txt | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/requirements.in.txt b/requirements.in.txt index 083f583a..e95a7be0 100644 --- a/requirements.in.txt +++ b/requirements.in.txt @@ -78,7 +78,6 @@ python-dateutil>=2.8.2 # (most likely for snyk) itsdangerous==2.0.1 MarkupSafe==2.0.1 -certifi>=2022.12.7 setuptools==68.0.0 wheel==0.42.0 @@ -96,3 +95,4 @@ pyparsing # need to avoid solr missing module error on cloud.gov Werkzeug==2.0.3 urllib3>=1.26.19 +certifi>=2024.7.4 diff --git a/requirements.txt b/requirements.txt index 4165b20c..5f13c12f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,9 +5,9 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.131 -botocore==1.34.131 -certifi==2024.6.2 +boto3==1.34.140 +botocore==1.34.140 +certifi==2024.7.4 cffi==1.16.0 chardet==5.2.0 charset-normalizer==3.3.2 @@ -19,7 +19,7 @@ ckanext-googleanalyticsbasic==0.2.1 ckanext-s3filestore @ git+https://github.com/keitaroinc/ckanext-s3filestore.git@caf88c0352ffe7b4432d3d55ddfb0a71249ceddd ckanext-saml2auth @ git+https://github.com/GSA/ckanext-saml2auth.git@387cfc1c6a7619f670bf387384f2634516de5844 ckanext-usmetadata==0.3.2 --e git+https://github.com/ckan/ckanext-xloader.git@dd475e70255da1e46b93e2193bf3e20f2e694db5#egg=ckanext_xloader +-e git+https://github.com/ckan/ckanext-xloader.git@3a865acd843bf7e2a7e2eb3c4e983816eddb6658#egg=ckanext_xloader ckantoolkit==0.0.7 click==8.1.3 cryptography==42.0.8 @@ -52,15 +52,15 @@ Mako==1.3.5 Markdown==3.4.1 MarkupSafe==2.0.1 messytables==0.15.2 -mypy==1.10.0 +mypy==1.10.1 mypy-extensions==1.0.0 newrelic==9.11.0 nose==1.3.7 -openpyxl==3.1.4 +openpyxl==3.1.5 packaging==24.1 passlib==1.7.4 pika==1.3.2 -pip==24.0 +pip==24.1 polib==1.1.1 psycopg2==2.9.3 pycparser==2.22 
@@ -75,11 +75,11 @@ pytz==2024.1
 pytz-deprecation-shim==0.1.0.post0
 PyUtilib==6.0.0
 PyYAML==6.0.1
-redis==5.0.6
+redis==5.0.7
 requests==2.32.3
 rfc3987==1.3.8
 rq==1.11.0
-s3transfer==0.10.1
+s3transfer==0.10.2
 sansjson==0.3.0
 setuptools==68.0.0
 simplejson==3.18.0
From b9c703677aa30dccfa4b35d25baecd0bfd50455a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 10 Jul 2024 07:06:08 +0000
Subject: [PATCH 10/14] fix: requirements-dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 requirements-dev.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 5d07002d..ed51113b 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -23,3 +23,4 @@ sphinx-rtd-theme==0.4.3
 pygments>=2.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
 ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
From 188f3139389d742229af1eb56d8f9267812836d4 Mon Sep 17 00:00:00 2001
From: Fuhu Xia
Date: Tue, 16 Jul 2024 12:43:41 -0400
Subject: [PATCH 11/14] setuptools>=70.0.0
---
 requirements-dev.txt | 2 +-
 requirements.in.txt | 2 +-
 requirements.txt | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 5d07002d..0f3d9c95 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -22,4 +22,4 @@ Sphinx==3.3.0
 sphinx-rtd-theme==0.4.3
 pygments>=2.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
 ipython>=8.10.0 # not directly required, pinned by Snyk to avoid a vulnerability
-setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=70.0.0 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/requirements.in.txt b/requirements.in.txt index e95a7be0..2829cae8 100644 --- a/requirements.in.txt +++ b/requirements.in.txt @@ -78,7 +78,7 @@ python-dateutil>=2.8.2 # (most likely for snyk) itsdangerous==2.0.1 MarkupSafe==2.0.1 -setuptools==68.0.0 +setuptools>=70.0.0 wheel==0.42.0 # avoid ImportError error https://github.com/GSA/data.gov/issues/4396 diff --git a/requirements.txt b/requirements.txt index 5f13c12f..5dd56995 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,8 +5,8 @@ Babel==2.10.3 Beaker==1.11.0 bleach==5.0.1 blinker==1.5 -boto3==1.34.140 -botocore==1.34.140 +boto3==1.34.144 +botocore==1.34.144 certifi==2024.7.4 cffi==1.16.0 chardet==5.2.0 @@ -54,7 +54,7 @@ MarkupSafe==2.0.1 messytables==0.15.2 mypy==1.10.1 mypy-extensions==1.0.0 -newrelic==9.11.0 +newrelic==9.12.0 nose==1.3.7 openpyxl==3.1.5 packaging==24.1 @@ -81,7 +81,7 @@ rfc3987==1.3.8 rq==1.11.0 s3transfer==0.10.2 sansjson==0.3.0 -setuptools==68.0.0 +setuptools==70.1.0 simplejson==3.18.0 six==1.16.0 SQLAlchemy==1.4.41 From f294bbd37a45a9c5b564cb8dc5f4958dcf7a22b9 Mon Sep 17 00:00:00 2001 From: Fuhu Xia Date: Thu, 18 Jul 2024 00:28:38 -0400 Subject: [PATCH 12/14] Trigger Build From 6a8ad251c0d7122ffad940173ebe6d3aeaaa8a06 Mon Sep 17 00:00:00 2001 From: Fuhu Xia Date: Thu, 18 Jul 2024 09:05:15 -0400 Subject: [PATCH 13/14] snyk test in PR --- .github/workflows/snyk.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index b3188db8..6ec44123 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -2,6 +2,9 @@ name: Check for Snyk Vulnerabilities on: # yamllint disable-line rule:truthy + pull_request: + branches: + - main workflow_dispatch: schedule: - cron: '0 12 * * *' # every day at 12pm UTC 
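Review bot: In .github/workflows/snyk.yml (PATCH 13/14) the new `pull_request` trigger also fires for pull requests opened from forks, and GitHub withholds repository secrets from those runs. If the scan step authenticates with a secret (that step is outside this hunk), fork PRs will fail on authentication instead of reporting findings. A job-level guard such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` skips them cleanly. `pull_request` is the right trigger for this job and should not be swapped for `pull_request_target` to work around the missing secret.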
@@ -58,7 +61,7 @@ jobs: # Fail so that PR is created exit 1 - name: Create Pull Request - if: ${{ failure() }} + if: ${{ failure() && github.event_name == 'schedule' }} id: scpr uses: peter-evans/create-pull-request@v5 with: From 9834e48533b732b48a9d986a19028bef5ebf4381 Mon Sep 17 00:00:00 2001 From: James Brown Date: Tue, 30 Jul 2024 10:30:35 -0700 Subject: [PATCH 14/14] Fix cookie strict Add necessary config items from ckan2.10 changelog: https://docs.ckan.org/en/2.10/changelog.html#migration-notes-2-10 --- config/ckan.ini | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/ckan.ini b/config/ckan.ini index 2c8a2a0a..1615cf53 100644 --- a/config/ckan.ini +++ b/config/ckan.ini @@ -37,6 +37,8 @@ beaker.session.secret = $CKAN___BEAKER__SESSION__SECRET beaker.session.type=ext:database beaker.session.cookie_expires=true +beaker.session.secure = True +beaker.session.samesite = Strict #beaker.session.url = $CKAN___BEAKER__SESSION__URL # 900 seconds = 15 mins beaker.session.timeout=900
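Review bot: In the second snyk.yml hunk of PATCH 13/14, the new condition `failure() && github.event_name == 'schedule'` also stops `workflow_dispatch` runs from opening the fix PR, which they did under the old `if: ${{ failure() }}`. If only PR-triggered runs are meant to be excluded, `if: ${{ failure() && github.event_name != 'pull_request' }}` keeps manual runs working. The `Create Pull Request` step continues past the end of the hunk.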
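Review bot: In config/ckan.ini (PATCH 14/14) `beaker.session.secure = True` is set unconditionally, so any deployment that serves this config over plain HTTP (for example a local docker compose stack, if it loads the same ini) will stop receiving the session cookie and logins will fail without an obvious error. The neighbouring `beaker.session.secret` line already takes its value from the environment; doing the same for the secure flag, or adding a comment such as `# requires HTTPS: the session cookie is not sent over plain HTTP`, would make the assumption explicit. `beaker.session.samesite = Strict` also means the cookie is withheld on the cross-site return from an identity provider, so the ckanext-saml2auth login pinned in requirements.txt is worth testing end to end before this ships.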