From c464d51cef361e010a4ecbe957c03f3ea3833de7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Brunner?=
Date: Fri, 30 Aug 2024 09:22:05 +0200
Subject: [PATCH] [MEDIUM] webob@1.8.7: SNYK-PYTHON-WEBOB-7687445 CWE-601 [Fixed in: 1.8.8].
---
 .../spell-ignore-words.txt | 0
 .pre-commit-config.yaml | 99 ++++++++++++++++++-
 .python-version | 1 +
 custom/poetry.lock | 10 +-
 custom/pyproject.toml | 1 +
 project.yaml | 1 +
 6 files changed, 103 insertions(+), 9 deletions(-)
 rename spell-ignore-words.txt => .github/spell-ignore-words.txt (100%)
 create mode 100644 .python-version
diff --git a/spell-ignore-words.txt b/.github/spell-ignore-words.txt
similarity index 100%
rename from spell-ignore-words.txt
rename to .github/spell-ignore-words.txt
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 91b50b9cb..726e2c700 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,9 +1,10 @@
 # https://pre-commit.com/hooks.html
-ci:
-  autoupdate_schedule: quarterly
-  skip:
-    - ripsecrets
+exclude: |
+  (?x)^(
+    CONST_.*
+    |mapserver/data/lac-leman.osm
+  )$
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
@@ -21,6 +22,14 @@ repos:
     rev: v3.1.0
     hooks:
       - id: prettier
+  - repo: https://github.com/sbrunner/integrity-updater
+    rev: 0.1.0
+    hooks:
+      - id: integrity-updater
+        exclude: |-
+          (?x)^(
+            geoportal/.*
+          )$
   - repo: https://github.com/PyCQA/autoflake
     rev: v2.3.1
     hooks:
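Review bot: `exclude: |` keeps the block scalar's trailing newline while every other `exclude` in this file uses `|-`; under `(?x)` Python's regex engine ignores that whitespace, so this is a style point, but `exclude: |-` keeps the file consistent. The `.` in `mapserver/data/lac-leman.osm` is unescaped in a pattern where `.*` and `$` are clearly regex syntax; `|mapserver/data/lac-leman\.osm` matches only the intended file. Dropping the `ci:` block also drops `skip: - ripsecrets`; if pre-commit.ci still runs on this repository, ripsecrets will now execute there too, and the skip presumably existed because that hook's language is not supported on the hosted service, so this is worth confirming before merge.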
@@ -33,3 +42,85 @@ repos:
     rev: 24.8.0
     hooks:
       - id: black
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.16.0
+    hooks:
+      - id: pyupgrade
+        args:
+          - --py310-plus
+        exclude: |-
+          (?x)^(
+            build
+          )$
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: detect-private-key
+      - id: check-merge-conflict
+      - id: check-ast
+      - id: debug-statements
+      - id: check-toml
+      - id: check-yaml
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+  - repo: https://github.com/sbrunner/hooks
+    rev: 1.0.0
+    hooks:
+      - id: copyright
+        exclude: |-
+          (?x)^(
+            build
+            |geoportal
+            |scripts/db-backup
+            |scripts/db-restore
+          )$
+      - id: poetry-lock
+        additional_dependencies:
+          - poetry==1.8.3 # pypi
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+        exclude: |-
+          (?x)^(
+            (.*/)?poetry\.lock
+            |ci/cleanup
+            |geoportal/geomapfish_geoportal/locale/.*
+            |qgisserver/.*.gs[sz]
+            |geoportal/geomapfish_geoportal/static/story-map.html
+            |tilegeneration/config.yaml.tmpl
+          )$
+        args:
+          - --ignore-words=.github/spell-ignore-words.txt
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.10.0.1
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+      - id: git-check
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.28.6
+    hooks:
+      - id: check-github-actions
+      - id: check-github-workflows
+      - id: check-jsonschema
+        name: Check GitHub Workflows set timeout-minutes
+        files: ^\.github/workflows/[^/]+$
+        types:
+          - yaml
+        args:
+          - --builtin-schema
+          - github-workflows-require-timeout
+  - repo: https://github.com/sirwart/ripsecrets
+    rev: v0.1.8
+    hooks:
+      - id: ripsecrets
+  - repo: https://github.com/sbrunner/jsonschema-validator
+    rev: 0.1.0
+    hooks:
+      - id: jsonschema-validator
+        files: ^ci/config\.yaml$
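Review bot: The new `- repo: https://github.com/pre-commit/pre-commit-hooks` at `rev: v4.6.0` duplicates the entry already listed first under `repos:` (that entry's rev is outside this hunk); pre-commit accepts two entries for one repo, but if the revs differ the hooks run from two different checkouts and `pre-commit autoupdate` bumps them independently, so there is one more third-party rev to audit than necessary. Moving the ten new ids (`detect-private-key` through `mixed-line-ending`) under the existing entry keeps a single rev for that repo. In the codespell `exclude`, `qgisserver/.*.gs[sz]` and `tilegeneration/config.yaml.tmpl` leave `.` unescaped while `(.*/)?poetry\.lock` escapes it; `|qgisserver/.*\.gs[sz]` and `|tilegeneration/config\.yaml\.tmpl` match what the names say. `- poetry==1.8.3 # pypi` has a single space before the inline comment where yamllint's default asks for two.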
diff --git a/.python-version b/.python-version
new file mode 100644
index 000000000..c8cfe3959
--- /dev/null
+++ b/.python-version
@@ -0,0 +1 @@
+3.10
diff --git a/custom/poetry.lock b/custom/poetry.lock
index 436968018..4501f0aac 100644
--- a/custom/poetry.lock
+++ b/custom/poetry.lock
@@ -2258,13 +2258,13 @@ testing = ["coverage (>=5.0)", "pytest", "pytest-cov"]
 [[package]]
 name = "webob"
-version = "1.8.7"
+version = "1.8.8"
 description = "WSGI request and response object"
 optional = false
-python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*"
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
 files = [
-    {file = "WebOb-1.8.7-py2.py3-none-any.whl", hash = "sha256:73aae30359291c14fa3b956f8b5ca31960e420c28c1bec002547fb04928cf89b"},
-    {file = "WebOb-1.8.7.tar.gz", hash = "sha256:b64ef5141be559cfade448f044fa45c2260351edcb6a8ef6b7e00c7dcef0c323"},
+    {file = "WebOb-1.8.8-py2.py3-none-any.whl", hash = "sha256:b60ba63f05c0cf61e086a10c3781a41fcfe30027753a8ae6d819c77592ce83ea"},
+    {file = "webob-1.8.8.tar.gz", hash = "sha256:2abc1555e118fc251e705fc6dc66c7f5353bb9fbfab6d20e22f1c02b4b71bcee"},
 ]
 [package.extras]
@@ -2445,4 +2445,4 @@ test = ["zope.testing"]
 [metadata]
 lock-version = "2.0"
 python-versions = ">=3.10,<3.11"
-content-hash = "04f00ccf4c5781b8ea8d5d7f8888d4109f17c1ab739e16df5986e3d41fe35027"
+content-hash = "967ee8378517c9fe74a07b964f42bd687d81a1400f37276bcd9b1c7fa67618b4"
diff --git a/custom/pyproject.toml b/custom/pyproject.toml
index abdf44304..182ba2ca6 100644
--- a/custom/pyproject.toml
+++ b/custom/pyproject.toml
@@ -34,6 +34,7 @@ azure-storage-blob = "12.20.0"
 azure-identity = "1.16.1"
 urllib3 = { version = "2.2.2", optional = true }
 certifi = { version = "2024.7.4", optional = true }
+webob = { version = "1.8.8", optional = true }
 [tool.poetry.dev-dependencies]
 prospector = { version = "1.10.3", extras = ["with_bandit", "with_mypy"] }
diff --git a/project.yaml b/project.yaml
index 648b4913c..ca781cb3a 100644
--- a/project.yaml
+++ b/project.yaml
@@ -22,6 +22,7 @@ managed_files:
   - geoportal/interfaces/desktop_alt\.html\.mako
   - tests/test_app.py
   - .editorconfig
+  - .pre-commit-config\.yaml
 unmanaged_files:
   - geoportal/geomapfish_geoportal/static-ngeo/js/apps/Controller.*\.js
   - geoportal/geomapfish_geoportal/static-ngeo/js/apps/.*\.html\.ejs
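Review bot: `.pre-commit-config\.yaml` escapes the inner dot but not the leading one, although the neighbouring entries (`desktop_alt\.html\.mako`, `Controller.*\.js`) show these are regular expressions; an unescaped leading `.` matches any character, so `\.pre-commit-config\.yaml` states the intent exactly (the existing `.editorconfig` line has the same slip). Whether the patterns are anchored, and so whether the loose dot can match anything else in practice, depends on how the consumer matches them, which is not visible here. Listing the file under `managed_files` presumably lets the upgrade tooling overwrite a project's local hook configuration from the template; a one-line comment on the entry stating that this is intended would save the next reader the guess.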