DAS-2466: Address vulnerabilities in urllib3

flamingbear · flamingbear · commit 27d7d67fe744 · 2026-01-06T15:32:14.000-07:00
diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml
@@ -78,10 +78,10 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Set up Python 3.11
+      - name: Set up Python 3.12
         uses: actions/setup-python@v4
         with:
-          python-version: '3.11'
+          python-version: '3.12'
 
       - name: Install build package
         run: |
diff --git a/.github/workflows/run_lib_tests.yml b/.github/workflows/run_lib_tests.yml
@@ -10,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ['3.10', '3.11', '3.12']
+        python-version: ['3.10', '3.11', '3.12', '3.13']
 
     steps:
       - name: Checkout harmony-browse-image-generator repository
diff --git a/.snyk b/.snyk
@@ -1,4 +1,4 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
 version: v1.25.0
 language-settings:
-  python: "3.11"
+  python: "3.12"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,7 +11,9 @@ Changelog](http://keepachangelog.com/en/1.0.0/).
 * GitHub release notes for HyBIG will now include the commit history for that
   release.
 
-## [v2.5.0] - Unreleased
+* Service libraries updated to address vulnerabilities.
+
+## [v2.5.0] - 2026-12-03
 
 ### Changed
 
diff --git a/README.md b/README.md
@@ -249,6 +249,7 @@ also with units of degrees.
 ## Repository structure:
 
 ```
+|- .snyk
 |- 📂 bin
 |- 📂 docker
 |- 📂 docs
@@ -267,6 +268,12 @@ also with units of degrees.
 
 ```
 
+* `.snyk` - A file used by the Snyk webhook to ensure the correct version of
+  Python is used when installing the full dependency tree for the project. This
+  file is duplicated in each directory that contains a requirements
+  file. (`./docs`, `./tests`) **This file, and all copies, must be updated when
+  the version of Python is updated in the service Docker image.**
+
 * `bin` - A directory containing utility scripts to build the service and test
   images. A script to extract the release notes for the most recent version, as
   contained in `CHANGELOG.md` is also in this directory.
diff --git a/docs/requirements.txt b/docs/requirements.txt
@@ -1,2 +1,2 @@
-notebook==7.2.2
-harmony-py~=0.4.14
+notebook~=7.5.1
+harmony-py~=1.3.3
diff --git a/pip_requirements.txt b/pip_requirements.txt
@@ -1,4 +1,4 @@
-harmony-service-lib~=2.0.0
+harmony-service-lib~=2.11.0
 matplotlib==3.9.0
 numpy==1.26.4
 pillow==10.4.0

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-harmony-service-lib~=2.0.0`
	`1`	`+harmony-service-lib~=2.11.0`
`2`	`2`	`matplotlib==3.9.0`
`3`	`3`	`numpy==1.26.4`
`4`	`4`	`pillow==10.4.0`