Fix security alerts (#116)

kse3hi · web-flow · commit de93359c0edd · 2024-02-05T12:44:35.000+01:00
* Fix security alerts

* Fix notice 3rd ...
diff --git a/.project-creation/.skeleton/requirements.in b/.project-creation/.skeleton/requirements.in
@@ -16,4 +16,4 @@ grpcio==1.59.0
 protobuf==4.24.4
 dapr==1.11.0
 cloudevents==1.10.0
-aiohttp==3.9.2
+aiohttp==3.9.3
diff --git a/.project-creation/.skeleton/requirements.txt b/.project-creation/.skeleton/requirements.txt
@@ -2,9 +2,9 @@
 # This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
-#    pip-compile requirements.in
+#    pip-compile
 #
-aiohttp==3.9.0
+aiohttp==3.9.3
     # via
     #   -r requirements.in
     #   dapr
diff --git a/NOTICE-3RD-PARTY-CONTENT.md b/NOTICE-3RD-PARTY-CONTENT.md
@@ -3,7 +3,7 @@
 ## Python
 | Dependency | Version | License |
 |:-----------|:-------:|--------:|
-|aiohttp|3.9.2|Apache 2.0|
+|aiohttp|3.9.3|Apache 2.0|
 |aiosignal|1.3.1|Apache 2.0|
 |APScheduler|3.10.4|MIT|
 |async-timeout|4.0.3|Apache 2.0|
@@ -13,7 +13,7 @@
 |cfgv|3.4.0|MIT|
 |chardet|5.2.0|LGPL|
 |click|8.1.7|New BSD|
-|cloudevents|1.9.0|Apache 2.0|
+|cloudevents|1.10.1|Apache 2.0|
 |colorama|0.4.6|BSD|
 |coverage|7.4.1|Apache 2.0|
 |dapr|1.10.0|Apache 2.0|
@@ -28,23 +28,24 @@
 |grpcio-tools|1.59.0|Apache 2.0|
 |identify|2.5.33|MIT|
 |idna|3.4|BSD|
+|importlib-metadata|6.11.0|Apache 2.0|
 |iniconfig|2.0.0|MIT|
 |multidict|6.0.4|Apache 2.0|
 |mypy|1.8.0|MIT|
 |mypy-extensions|1.0.0|MIT|
 |mypy-protobuf|3.4.0|Apache 2.0|
 |nodeenv|1.8.0|BSD|
-|opentelemetry-api|1.15.0|Apache 2.0|
-|opentelemetry-distro|0.36b0|Apache 2.0|
-|opentelemetry-instrumentation|0.36b0|Apache 2.0|
-|opentelemetry-instrumentation-logging|0.36b0|Apache 2.0|
-|opentelemetry-sdk|1.15.0|Apache 2.0|
-|opentelemetry-semantic-conventions|0.36b0|Apache 2.0|
+|opentelemetry-api|1.22.0|Apache 2.0|
+|opentelemetry-distro|0.43b0|Apache 2.0|
+|opentelemetry-instrumentation|0.43b0|Apache 2.0|
+|opentelemetry-instrumentation-logging|0.43b0|Apache 2.0|
+|opentelemetry-sdk|1.22.0|Apache 2.0|
+|opentelemetry-semantic-conventions|0.43b0|Apache 2.0|
 |packaging|23.1|Apache 2.0<br/>BSD|
 |paho-mqtt|1.6.1|OSI Approved|
-|pip|23.3.2|MIT|
+|pip|24.0|MIT|
 |pip-tools|7.3.0|BSD|
-|platformdirs|4.1.0|MIT|
+|platformdirs|4.2.0|MIT|
 |pluggy|1.4.0|MIT|
 |pre-commit|3.6.0|MIT|
 |protobuf|4.21.12|Google License|
@@ -54,21 +55,22 @@
 |pytest-asyncio|0.23.4|Apache 2.0|
 |pytest-cov|4.1.0|MIT|
 |python-dateutil|2.8.2|Apache 2.0<br/>BSD|
-|pytz|2023.4|MIT|
+|pytz|2024.1|MIT|
 |PyYAML|6.0.1|MIT|
 |setuptools|58.1.0|MIT|
 |six|1.16.0|MIT|
 |tomli|2.0.1|MIT|
 |tox|4.11.4|MIT|
 |types-Deprecated|1.2.9.20240106|Apache 2.0|
 |types-mock|5.1.0.20240106|Apache 2.0|
-|types-protobuf|4.24.0.20240106|Apache 2.0|
+|types-protobuf|4.24.0.20240129|Apache 2.0|
 |typing-extensions|4.7.1|Python Software Foundation License|
 |tzlocal|5.2|MIT|
 |virtualenv|20.25.0|MIT|
 |wheel|0.42.0|MIT|
 |wrapt|1.15.0|BSD|
 |yarl|1.9.2|Apache 2.0|
+|zipp|3.17.0|MIT|
 ## Workflows
 | Dependency | Version | License |
 |:-----------|:-------:|--------:|
diff --git a/examples/seat-adjuster/requirements.in b/examples/seat-adjuster/requirements.in
@@ -16,5 +16,5 @@ grpcio==1.59.0
 protobuf==4.24.4
 dapr==1.11.0
 cloudevents==1.10.0
-aiohttp==3.9.2
+aiohttp==3.9.3
 packaging==23.0
diff --git a/examples/seat-adjuster/requirements.txt b/examples/seat-adjuster/requirements.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile
 #
-aiohttp==3.9.2
+aiohttp==3.9.3
     # via
     #   -r requirements.in
     #   dapr
diff --git a/requirements.txt b/requirements.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile --extra=dev
 #
-aiohttp==3.9.2
+aiohttp==3.9.3
     # via
     #   dapr
     #   velocitas_sdk (setup.py)
@@ -26,7 +26,7 @@ chardet==5.2.0
     # via tox
 click==8.1.7
     # via pip-tools
-cloudevents==1.9.0
+cloudevents==1.10.1
     # via velocitas_sdk (setup.py)
 colorama==0.4.6
     # via tox
@@ -68,6 +68,8 @@ identify==2.5.33
     # via pre-commit
 idna==3.4
     # via yarl
+importlib-metadata==6.11.0
+    # via opentelemetry-api
 iniconfig==2.0.0
     # via pytest
 multidict==6.0.4
@@ -82,26 +84,26 @@ mypy-protobuf==3.4.0
     # via velocitas_sdk (setup.py)
 nodeenv==1.8.0
     # via pre-commit
-opentelemetry-api==1.15.0
+opentelemetry-api==1.22.0
     # via
     #   opentelemetry-distro
     #   opentelemetry-instrumentation
     #   opentelemetry-instrumentation-logging
     #   opentelemetry-sdk
     #   velocitas_sdk (setup.py)
-opentelemetry-distro==0.36b0
+opentelemetry-distro==0.43b0
     # via velocitas_sdk (setup.py)
-opentelemetry-instrumentation==0.36b0
+opentelemetry-instrumentation==0.43b0
     # via
     #   opentelemetry-distro
     #   opentelemetry-instrumentation-logging
-opentelemetry-instrumentation-logging==0.36b0
+opentelemetry-instrumentation-logging==0.43b0
     # via velocitas_sdk (setup.py)
-opentelemetry-sdk==1.15.0
+opentelemetry-sdk==1.22.0
     # via
     #   opentelemetry-distro
     #   velocitas_sdk (setup.py)
-opentelemetry-semantic-conventions==0.36b0
+opentelemetry-semantic-conventions==0.43b0
     # via opentelemetry-sdk
 packaging==23.1
     # via
@@ -114,7 +116,7 @@ paho-mqtt==1.6.1
     # via velocitas_sdk (setup.py)
 pip-tools==7.3.0
     # via velocitas_sdk (setup.py)
-platformdirs==4.1.0
+platformdirs==4.2.0
     # via
     #   tox
     #   virtualenv
@@ -145,7 +147,7 @@ pytest-cov==4.1.0
     # via velocitas_sdk (setup.py)
 python-dateutil==2.8.2
     # via dapr
-pytz==2023.4
+pytz==2024.1
     # via apscheduler
 pyyaml==6.0.1
     # via pre-commit
@@ -169,7 +171,7 @@ types-deprecated==1.2.9.20240106
     # via velocitas_sdk (setup.py)
 types-mock==5.1.0.20240106
     # via velocitas_sdk (setup.py)
-types-protobuf==4.24.0.20240106
+types-protobuf==4.24.0.20240129
     # via mypy-protobuf
 typing-extensions==4.7.1
     # via
@@ -190,6 +192,8 @@ wrapt==1.15.0
     #   opentelemetry-instrumentation
 yarl==1.9.2
     # via aiohttp
+zipp==3.17.0
+    # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
 # pip
diff --git a/setup.py b/setup.py
@@ -17,14 +17,14 @@
 requirements = [
     "grpcio>=1.59.0",
     "protobuf>=3.19.4",
-    "cloudevents",
+    "cloudevents>=1.10.0",
     "dapr",
-    "aiohttp>=3.9.0",
+    "aiohttp==3.9.3",
     "paho-mqtt>=1.6.1",
-    "opentelemetry-distro<=0.36b0",
-    "opentelemetry-instrumentation-logging<=0.36b0",
-    "opentelemetry-sdk<=1.15.0",
-    "opentelemetry-api<=1.15.0",
+    "opentelemetry-distro>=0.43b0",
+    "opentelemetry-instrumentation-logging>=0.43b0",
+    "opentelemetry-sdk>=1.22.0",
+    "opentelemetry-api>=1.22.0",
 ]
 
 extra_requirements = {

Original file line number	Diff line number	Diff line change
`@@ -2,9 +2,9 @@`
`2`	`2`	`# This file is autogenerated by pip-compile with Python 3.10`
`3`	`3`	`# by the following command:`
`4`	`4`	`#`
`5`		`-# pip-compile requirements.in`
	`5`	`+# pip-compile`
`6`	`6`	`#`
`7`		`-aiohttp==3.9.0`
	`7`	`+aiohttp==3.9.3`
`8`	`8`	`# via`
`9`	`9`	`# -r requirements.in`
`10`	`10`	`# dapr`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`#`
`5`	`5`	`# pip-compile`
`6`	`6`	`#`
`7`		`-aiohttp==3.9.2`
	`7`	`+aiohttp==3.9.3`
`8`	`8`	`# via`
`9`	`9`	`# -r requirements.in`
`10`	`10`	`# dapr`