Apply security updates (#562)

c-w · web-flow · commit c18a4756e461 · 2021-10-01T22:51:21.000-04:00
* Apply security updates

* Turn off PyUp

* Fix build
diff --git a/.pyup.yml b/.pyup.yml
diff --git a/README.rst b/README.rst
@@ -8,9 +8,6 @@ Lokole
 .. image:: https://img.shields.io/pypi/v/opwen_email_client.svg
   :target: https://pypi.python.org/pypi/opwen_email_client/
 
-.. image:: https://pyup.io/repos/github/ascoderu/lokole/shield.svg
-  :target: https://pyup.io/repos/github/ascoderu/lokole/
-
 .. image:: https://codecov.io/gh/ascoderu/lokole/branch/master/graph/badge.svg
   :target: https://codecov.io/gh/ascoderu/lokole
 
@@ -100,7 +97,6 @@ Below is a list of some of the key technologies used in the Lokole project:
 - `Sendgrid Inbound Parse <https://sendgrid.com/docs/for-developers/parsing-email/setting-up-the-inbound-parse-webhook/>`_ is used to receive emails from email providers and forward them to the Lokole email server. `Sendgrid Web API v3 <https://github.com/sendgrid/sendgrid-python>`_ is used to deliver emails from the Lokole email server to email providers. The MX records for Sendgrid are automatically generated via `Cloudflare API v4 <https://api.cloudflare.com/>`_.
 - `Github API v4 <https://developer.github.com/v4/>`_ is used to authenticate interactive calls to the Lokole email server API such as registering new clients or managing existing clients. Authorization is managed by Github team memberships on the Ascoderu organization. Management operations are exposed via the Lokole status page which is implemented in `React <https://reactjs.org/>`_ with `Ant Design <https://ant.design/docs/react/introduce>`_.
 - `Github Actions <https://github.com/ascoderu/lokole/actions>`_ are used to verify pull requests and deploy updates to production.
-- [ ~ Dependencies scanned by PyUp.io ~ ]
 
 The diagram below shows the technologies in the context of the system as well as their interactions:
 
diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile
@@ -2,7 +2,7 @@ ARG PYTHON_VERSION=3.7
 FROM python:${PYTHON_VERSION} AS builder
 
 RUN apt-get update \
- && apt-get install -y --no-install-recommends mobile-broadband-provider-info=20170903-1 \
+ && apt-get install -y --no-install-recommends mobile-broadband-provider-info=20201225-1 \
  && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
diff --git a/docker/integtest/Dockerfile b/docker/integtest/Dockerfile
@@ -1,4 +1,4 @@
-FROM microsoft/azure-cli:2.0.32
+FROM mcr.microsoft.com/azure-cli:2.0.32
 
 RUN apk add -q --no-cache \
     curl=7.59.0-r0 \
diff --git a/docker/setup/Dockerfile b/docker/setup/Dockerfile
@@ -1,4 +1,4 @@
-FROM microsoft/azure-cli:2.0.32
+FROM mcr.microsoft.com/azure-cli:2.0.32
 
 ARG HELM_VERSION="3.2.1"
 ARG KUBECTL_VERSION="1.14.8"
diff --git a/requirements-webapp.txt b/requirements-webapp.txt
@@ -28,4 +28,4 @@ typing==3.7.4.3
 tzlocal==2.1
 watchdog==0.10.4
 xtarfile[zstd]==0.0.4
-Pillow==8.2.0
+Pillow==8.3.2
diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,6 @@
 Flask==1.1.2
 Flask-Cors==3.0.9
-Pillow==8.2.0
+Pillow==8.3.2
 apache-libcloud==3.2.0
 applicationinsights==0.11.9
 beautifulsoup4==4.9.3
diff --git a/yarn.lock b/yarn.lock
@@ -1051,9 +1051,9 @@ getobject@~1.0.0:
   integrity sha512-tbUz6AKKKr2YiMB+fLWIgq5ZeBOobop9YMMAU9dC54/ot2ksMXt3DOFyBuhZw6ptcVszEykgByK20j7W9jHFag==
 
 glob-parent@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.0.0.tgz#1dc99f0f39b006d3e92c2c284068382f0c20e954"
-  integrity sha512-Z2RwiujPRGluePM6j699ktJYxmPpJKCfpGA13jz2hmFZC7gKetzrWvg5KN3+OsIFmydGyZ1AVwERCq1w/ZZwRg==
+  version "5.1.2"
+  resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4"
+  integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==
   dependencies:
     is-glob "^4.0.1"
 
@@ -2110,9 +2110,9 @@ path-key@^2.0.0, path-key@^2.0.1:
   integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=
 
 path-parse@^1.0.6:
-  version "1.0.6"
-  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c"
-  integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
+  integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
 
 path-root-regex@^0.1.0:
   version "0.1.2"

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM microsoft/azure-cli:2.0.32`
	`1`	`+FROM mcr.microsoft.com/azure-cli:2.0.32`
`2`	`2`
`3`	`3`	`RUN apk add -q --no-cache \`
`4`	`4`	`curl=7.59.0-r0 \`