Skip to content

⬆️Security update with alignment of dependencies #8247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Aug 25, 2025
Merged

⬆️Security update with alignment of dependencies #8247

merged 9 commits into from
Aug 25, 2025

Conversation

@sanderegg
Copy link
Member

@sanderegg sanderegg commented Aug 22, 2025
edited
Loading

Fixes https://github.com/ITISFoundation/osparc-simcore/security/dependabot/2590

@pcrespov please check change in invitations service
@bisgaard-itis please check API changes due to upgrade of fastapi-pagination

NOTE: after checking with @bisgaard-itis the fastapi-pagination library in api-server was constrained to <0.13.x due to incompatibilities with the osparc-client (the links field became optional) see #8254

Highlights on updated libraries (only updated libraries are included)

  • #packages before ~ 8
  • #packages after ~ 12
# name before after upgrade count packages
1 click 8.1.3, 8.1.7, 8.1.8 8.2.1 minor 77 agent⬆️🧪🔧
api-server⬆️🧪🔧
autoscaling⬆️🧪🔧
aws-library🧪🧪🔧
catalog⬆️🧪🔧
celery-library🧪🧪🔧
clusters-keeper⬆️🧪🔧
common-library🔧
dask-sidecar⬆️⬆️🧪🔧
dask-task-models-library🧪🔧
datcore-adapter⬆️🔧
director-v2⬆️🧪🔧
director⬆️🔧
docker-api-proxy🧪🔧
dynamic-scheduler⬆️🔧
dynamic-sidecar⬆️🔧
e2e-playwright🧪
invitations⬆️🔧
migration🔧
models-library🔧
notifications-library🧪🔧
notifications⬆️🔧
payments⬆️🔧
postgres-database🧪🔧
public-api🧪🧪
resource-usage-tracker⬆️🧪🔧
service-integration🧪🔧
service-library🧪🧪🔧
settings-library🧪🔧
simcore-sdk🧪🧪🔧
storage⬆️🧪🔧
swarm-deploy🧪🧪
web⬆️🧪🔧
2 fastapi 0.115.12, 0.115.14, 0.115.6 0.116.1 minor 22 agent⬆️
api-server⬆️🧪
autoscaling⬆️
aws-library🧪
catalog⬆️
clusters-keeper⬆️
datcore-adapter⬆️
director-v2⬆️
director⬆️
docker-api-proxy🧪
dynamic-scheduler⬆️
dynamic-sidecar⬆️
efs-guardian⬆️
helpers🧪
invitations⬆️
notifications⬆️
payments⬆️
resource-usage-tracker⬆️
service-library🧪
storage⬆️
web🧪
3 fastapi-cli 0.0.5, 0.0.7, 0.0.6 0.0.8 18 agent⬆️
api-server⬆️
autoscaling⬆️
catalog⬆️
clusters-keeper⬆️
datcore-adapter⬆️
director-v2⬆️
director⬆️
dynamic-scheduler⬆️
dynamic-sidecar⬆️
efs-guardian⬆️
invitations⬆️
notifications⬆️
payments⬆️
resource-usage-tracker⬆️
service-library🧪
storage⬆️
web🧪
4 fastapi-pagination 0.12.32, 0.12.34, 0.12.31 0.14.0,0.12.34 minor 4 api-server⬆️
datcore-adapter⬆️
storage⬆️
web🧪
5 rich 13.7.1, 13.4.2, 13.9.4, 14.0.0 14.1.0 minor 32 agent⬆️
api-server⬆️
autoscaling⬆️
aws-library🧪
catalog⬆️
celery-library🧪
clusters-keeper⬆️
dask-sidecar⬆️
dask-task-models-library🧪
datcore-adapter⬆️
director-v2⬆️
director⬆️
docker-api-proxy🧪
dynamic-scheduler⬆️
dynamic-sidecar⬆️
efs-guardian⬆️
invitations⬆️
models-library🔧
notifications-library🧪
notifications⬆️
payments⬆️
public-api🧪
resource-usage-tracker⬆️
service-integration🧪
service-library🧪🧪
settings-library🧪
simcore-sdk🧪
storage⬆️
swarm-deploy🧪
web⬆️🧪
6 rich-toolkit 0.14.7, 0.14.6, 0.12.0, 0.13.2 0.15.0 minor 16 agent⬆️
api-server⬆️
autoscaling⬆️
catalog⬆️
clusters-keeper⬆️
datcore-adapter⬆️
director-v2⬆️
dynamic-scheduler⬆️
dynamic-sidecar⬆️
efs-guardian⬆️
invitations⬆️
notifications⬆️
payments⬆️
resource-usage-tracker⬆️
service-library🧪
storage⬆️
7 starlette 0.41.3, 0.46.1, 0.41.2, 0.46.0, 0.41.0, 0.46.2, 0.45.3 0.47.2 minor 22 agent⬆️
api-server⬆️🧪
autoscaling⬆️
aws-library🧪
catalog⬆️
clusters-keeper⬆️
datcore-adapter⬆️
director-v2⬆️
director⬆️
docker-api-proxy🧪
dynamic-scheduler⬆️
dynamic-sidecar⬆️
efs-guardian⬆️
helpers🧪
invitations⬆️
notifications⬆️
payments⬆️
resource-usage-tracker⬆️
service-library🧪
storage⬆️
web🧪
8 typer 0.15.1, 0.15.2, 0.13.0, 0.15.4, 0.13.1, 0.12.3, 0.16.0 0.16.1 32 agent⬆️
api-server⬆️
autoscaling⬆️
aws-library🧪
catalog⬆️
celery-library🧪
clusters-keeper⬆️
dask-sidecar⬆️
dask-task-models-library🧪
datcore-adapter⬆️
director-v2⬆️
director⬆️
docker-api-proxy🧪
dynamic-scheduler⬆️
dynamic-sidecar⬆️
efs-guardian⬆️
invitations⬆️
models-library🔧
notifications-library🧪
notifications⬆️
payments⬆️
public-api🧪
resource-usage-tracker⬆️
service-integration🧪
service-library🧪🧪
settings-library🧪
simcore-sdk🧪
storage⬆️
swarm-deploy🧪
web⬆️🧪

Legend:

  • ⬆️ base dependency (only services because packages are floating)
  • 🧪 test dependency
  • 🔧 tool dependency

@sanderegg sanderegg added this to the Voyager milestone Aug 22, 2025
@sanderegg sanderegg self-assigned this Aug 22, 2025
@sanderegg sanderegg added the t:maintenance Some planned maintenance work label Aug 22, 2025
@codecov
Copy link

codecov bot commented Aug 22, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.04%. Comparing base (be7e1e2) to head (2c0d2de).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8247      +/-   ##
==========================================
+ Coverage   88.02%   88.04%   +0.01%     
==========================================
  Files        1919     1919              
  Lines       74311    74311              
  Branches     1305     1305              
==========================================
+ Hits        65415    65426      +11     
+ Misses       8502     8491      -11     
  Partials      394      394
Flag Coverage Δ
integrationtests 63.94% <ø> (+0.01%) ⬆️
unittests 86.69% <ø> (+0.01%) ⬆️
Components Coverage Δ
pkg_aws_library 93.93% <ø> (ø)
pkg_celery_library 87.37% <ø> (ø)
pkg_dask_task_models_library 79.62% <ø> (ø)
pkg_models_library 93.05% <ø> (ø)
pkg_notifications_library 85.26% <ø> (ø)
pkg_postgres_database 88.02% <ø> (ø)
pkg_service_integration 70.19% <ø> (ø)
pkg_service_library 72.34% <ø> (ø)
pkg_settings_library 90.17% <ø> (ø)
pkg_simcore_sdk 85.03% <ø> (ø)
agent 93.90% <ø> (ø)
api_server 92.84% <ø> (ø)
autoscaling 95.89% <ø> (ø)
catalog 92.34% <ø> (ø)
clusters_keeper 99.13% <ø> (ø)
dask_sidecar 92.37% <ø> (+0.78%) ⬆️
datcore_adapter 97.94% <ø> (ø)
director 75.90% <ø> (ø)
director_v2 90.92% <ø> (-0.02%) ⬇️
dynamic_scheduler 96.27% <ø> (ø)
dynamic_sidecar 90.10% <ø> (ø)
efs_guardian 89.62% <ø> (ø)
invitations 91.44% <ø> (ø)
payments 92.61% <ø> (ø)
resource_usage_tracker 92.18% <ø> (ø)
storage 86.57% <ø> (ø)
webclient ∅ <ø> (∅)
webserver 88.10% <ø> (+0.02%) ⬆️

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update be7e1e2...2c0d2de. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mergify
Copy link
Contributor

mergify bot commented Aug 22, 2025
edited
Loading

🧪 CI Insights

Here's what we observed from your CI run for 2c0d2de.

❌ Failed Jobs

Pipeline Job Health on base branch Retries 🔍 CI Insights 📄 Logs
PR CI OAS backwards compatibility Unknown 0 View View

@sanderegg sanderegg force-pushed the maintenance/security-updates branch from 8ad657b to 5315018 Compare August 22, 2025 09:20
@sanderegg sanderegg added the 🤖-automerge marks PR as ready to be merged for Mergify label Aug 22, 2025
@sanderegg sanderegg force-pushed the maintenance/security-updates branch from 5315018 to 79bac48 Compare August 22, 2025 09:23
@sanderegg
Copy link
Member Author

sanderegg commented Aug 22, 2025

@mergify queue

@mergify
Copy link
Contributor

mergify bot commented Aug 22, 2025
edited
Loading

queue

🟠 Waiting for conditions to match

  • any of: [🔀 queue conditions]
    • all of: [📌 queue conditions of queue default]
      • branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
      • any of: [🛡 GitHub branch protection]
        • check-neutral = deploy to dockerhub
        • check-skipped = deploy to dockerhub
        • check-success = deploy to dockerhub
      • any of: [🛡 GitHub branch protection]
        • check-neutral = system-tests
        • check-skipped = system-tests
        • check-success = system-tests
      • any of: [🛡 GitHub branch protection]
        • check-neutral = unit-tests
        • check-skipped = unit-tests
        • check-success = unit-tests
      • any of: [🛡 GitHub branch protection]
        • check-neutral = integration-tests
        • check-skipped = integration-tests
        • check-success = integration-tests
      • any of: [🛡 GitHub branch protection]
        • check-neutral = build-test-images (frontend) / build-test-images
        • check-skipped = build-test-images (frontend) / build-test-images
        • check-success = build-test-images (frontend) / build-test-images
      • #approved-reviews-by >= 2 [🛡 GitHub branch protection]
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0
      • #review-threads-unresolved = 0 [🛡 GitHub branch protection]
      • #review-threads-unresolved=0
      • -conflict
      • -draft
      • base=master
      • label!=🤖-do-not-merge
      • label=🤖-automerge
      • any of: [🛡 GitHub branch protection]
        • check-success = check OAS' are up to date
        • check-neutral = check OAS' are up to date
        • check-skipped = check OAS' are up to date
      • any of: [🛡 GitHub branch protection]
        • check-success = SonarCloud Code Analysis
        • check-neutral = SonarCloud Code Analysis
        • check-skipped = SonarCloud Code Analysis
  • -closed [📌 queue requirement]
  • -conflict [📌 queue requirement]
  • -draft [📌 queue requirement]
  • any of: [📌 queue -> configuration change requirements]
    • -mergify-configuration-changed
    • check-success = Configuration changed

@sanderegg sanderegg force-pushed the maintenance/security-updates branch from 79bac48 to c1e6063 Compare August 22, 2025 12:20
@sanderegg sanderegg requested a review from pcrespov August 22, 2025 15:23
@sanderegg sanderegg force-pushed the maintenance/security-updates branch from 7d67bdb to f35b986 Compare August 22, 2025 15:24
pcrespov
pcrespov approved these changes Aug 22, 2025
View reviewed changes
Copy link
Member

@pcrespov pcrespov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thx
invitations checked!

@sanderegg sanderegg force-pushed the maintenance/security-updates branch from f35b986 to e71da1f Compare August 25, 2025 08:14
@bisgaard-itis bisgaard-itis mentioned this pull request Aug 25, 2025
Open
1 task
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 25, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sanderegg
Copy link
Member Author

sanderegg commented Aug 25, 2025

@mergify queue

@mergify
Copy link
Contributor

mergify bot commented Aug 25, 2025
edited
Loading

queue

🛑 Configuration not compatible with a branch protection setting

The branch protection setting Require branches to be up to date before merging is not compatible with max_parallel_checks>1, queue_conditions != merge_conditions and must be unset.

@sanderegg sanderegg merged commit 236d3a1 into ITISFoundation:master Aug 25, 2025
94 of 95 checks passed
@sanderegg sanderegg deleted the maintenance/security-updates branch August 25, 2025 08:50
@matusdrobuliak66 matusdrobuliak66 mentioned this pull request Sep 2, 2025
Closed
61 tasks
@matusdrobuliak66 matusdrobuliak66 mentioned this pull request Sep 18, 2025
Closed
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@giancarloromeo giancarloromeo giancarloromeo approved these changes

@GitHK GitHK GitHK approved these changes

@pcrespov pcrespov pcrespov approved these changes

@matusdrobuliak66 matusdrobuliak66 matusdrobuliak66 approved these changes

Assignees

@sanderegg sanderegg

Labels

🤖-automerge marks PR as ready to be merged for Mergify t:maintenance Some planned maintenance work

Projects

None yet

Milestone

Voyager

Development

Successfully merging this pull request may close these issues.

5 participants

@sanderegg @giancarloromeo @GitHK @pcrespov @matusdrobuliak66