fix(PSAAS-21305): Update Dependencies for CVEs (#14)

* PSAAS-21305 | dependencies updated * Update README.md * PSAAS-21305 | test commit * PSAAS-21305 | wheels rebuild * PSAAS-21305 | wheels rebuild * PSAAS-21305 | copyrights are up to date now * PSAAS-21305 | tests run * PSAAS-21305 | Fossa tests run --------- Co-authored-by: splunk-soar-connectors-admin <admin@splunksoar>
splunk-soar-connectors · Feb 5, 2025 · a1d13a7 · a1d13a7
1 parent f5fc845
commit a1d13a7
Show file tree

Hide file tree

Showing 22 changed files with 19 additions and 20 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 - repo: https://github.com/phantomcyber/dev-cicd-tools
-  rev: v1.22
+  rev: v1.24
   hooks:
   - id: org-hook
   - id: package-app-dependencies
 - repo: https://github.com/Yelp/detect-secrets
-  rev: v1.4.0
+  rev: v1.5.0
   hooks:
   - id: detect-secrets
     args:

diff --git a/LICENSE b/LICENSE
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/NOTICE b/NOTICE
@@ -1,5 +1,5 @@
 Splunk SOAR BigFix
-Copyright (c) 2017-2024 Splunk Inc.
+Copyright (c) 2017-2025 Splunk Inc.
 
 Third-party Software Attributions:
 

diff --git a/README.md b/README.md
@@ -6,12 +6,12 @@ Connector Version: 2.0.12
 Product Vendor: IBM  
 Product Name: BigFix  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.2.1  
+Minimum Product Version: 6.3.0  
 
 This app supports several investigative actions on IBM Big Fix
 
-### Configuration Variables
-The below configuration variables are required for this Connector to operate.  These variables are specified when configuring a BigFix asset in SOAR.
+### Configuration variables
+This table lists the configuration variables required to operate BigFix. These variables are specified when configuring a BigFix asset in Splunk SOAR.
 
 VARIABLE | REQUIRED | TYPE | DESCRIPTION
 -------- | -------- | ---- | -----------

diff --git a/__init__.py b/__init__.py
@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2017-2024 Splunk Inc.
+# Copyright (c) 2017-2025 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/bigfix.json b/bigfix.json
@@ -9,14 +9,14 @@
     "product_name": "BigFix",
     "product_version_regex": ".*",
     "publisher": "Splunk",
-    "license": "Copyright (c) 2017-2024 Splunk Inc.",
+    "license": "Copyright (c) 2017-2025 Splunk Inc.",
     "app_version": "2.0.12",
     "utctime_updated": "2024-10-02T09:51:56.000000Z",
     "package_name": "phantom_bigfix",
     "main_module": "bigfix_connector.py",
     "python_version": "3",
     "fips_compliant": true,
-    "min_phantom_version": "6.2.1",
+    "min_phantom_version": "6.3.0",
     "latest_tested_versions": [
         "On-prem, BigFix Enterprise Server v9.5.6"
     ],
@@ -865,16 +865,16 @@
         "wheel": [
             {
                 "module": "lxml",
-                "input_file": "wheels/py36/lxml-4.9.2-cp36-cp36m-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl"
+                "input_file": "wheels/py36/lxml-5.3.0-cp36-cp36m-manylinux_2_28_x86_64.whl"
             }
         ]
     },
     "pip39_dependencies": {
         "wheel": [
             {
                 "module": "lxml",
-                "input_file": "wheels/py39/lxml-4.9.2-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl"
+                "input_file": "wheels/py39/lxml-5.3.0-cp39-cp39-manylinux_2_28_x86_64.whl"
             }
         ]
     }
-}
+}
diff --git a/bigfix_connector.py b/bigfix_connector.py
@@ -1,6 +1,6 @@
 # File: bigfix_connector.py
 #
-# Copyright (c) 2017-2024 Splunk Inc.
+# Copyright (c) 2017-2025 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/bigfix_consts.py b/bigfix_consts.py
@@ -1,6 +1,6 @@
 # File: bigfix_consts.py
 #
-# Copyright (c) 2017-2024 Splunk Inc.
+# Copyright (c) 2017-2025 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/pyproject.toml b/pyproject.toml
@@ -5,3 +5,4 @@ verbose = true
 
 [tool.isort]
 line_length = 145
+profile = "black"
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
@@ -1 +1,2 @@
 **Unreleased**
+* Updated dependencies to resolve security vulnerabilities [PSAAS-21305]
diff --git a/requirements.txt b/requirements.txt
@@ -1 +1 @@
-lxml==4.9.2
+lxml==5.3.0
diff --git a/tox.ini b/tox.ini
@@ -1,7 +1,4 @@
 [flake8]
 max-line-length = 145
 max-complexity = 28
-extend-ignore = F403,E128,E126,E121,E127,E731,E201,E202,E203,E701,F405,E722,D
-
-[isort]
-line_length = 145
+extend-ignore = F403,E128,E126,E121,E127,E731,E201,E202,E203,E701,F405,E722,D,W503
diff --git a/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl b/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl
diff --git a/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl b/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl
diff --git a/wheels/py3/soupsieve-2.5-py3-none-any.whl b/wheels/py3/soupsieve-2.5-py3-none-any.whl
diff --git a/...anylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl b/...anylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl
diff --git a/...xml-4.9.2-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl b/...xml-4.9.2-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl
diff --git a/wheels/py36/lxml-5.3.0-cp36-cp36m-manylinux_2_28_x86_64.whl b/wheels/py36/lxml-5.3.0-cp36-cp36m-manylinux_2_28_x86_64.whl
diff --git a/...anylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl b/...anylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl
diff --git a/...lxml-4.9.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl b/...lxml-4.9.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl
diff --git a/wheels/py39/lxml-5.3.0-cp39-cp39-manylinux_2_28_x86_64.whl b/wheels/py39/lxml-5.3.0-cp39-cp39-manylinux_2_28_x86_64.whl
diff --git a/wheels/shared/xmltodict-0.12.0-py2.py3-none-any.whl b/wheels/shared/xmltodict-0.12.0-py2.py3-none-any.whl
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,4 @@ verbose = true

		[tool.isort]
		line_length = 145
		profile = "black"
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		Unreleased
		* Updated dependencies to resolve security vulnerabilities [PSAAS-21305]