From a9db3131804688d024604d89d60ce3dc52953bb2 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 21:17:11 +0000 Subject: [PATCH 1/6] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/pre-commit-hooks: v5.0.0 → v6.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v5.0.0...v6.0.0) - [github.com/astral-sh/ruff-pre-commit: v0.12.0 → v0.14.10](https://github.com/astral-sh/ruff-pre-commit/compare/v0.12.0...v0.14.10) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0b32988..5cc4ab2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,7 +2,7 @@ ci: autofix_prs: false repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -10,7 +10,7 @@ repos: - id: check-yaml - id: check-added-large-files - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.12.0 + rev: v0.14.10 hooks: - id: ruff args: ["--fix", "--show-fixes"] From 27d7d67fe7444826091676262a280be64859b7c3 Mon Sep 17 00:00:00 2001 From: Matt Savoie Date: Tue, 6 Jan 2026 15:32:14 -0700 Subject: [PATCH 2/6] DAS-2466: Address vulnerabilities in urllib3 --- .github/workflows/publish_release.yml | 4 ++-- .github/workflows/run_lib_tests.yml | 2 +- .snyk | 2 +- CHANGELOG.md | 4 +++- README.md | 7 +++++++ docs/requirements.txt | 4 ++-- pip_requirements.txt | 2 +- 7 files changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml index ffa8378..e49a3bb 100644 --- a/.github/workflows/publish_release.yml +++ b/.github/workflows/publish_release.yml @@ -78,10 +78,10 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - name: Set up Python 3.11 + - name: Set up Python 3.12 uses: actions/setup-python@v4 with: - python-version: '3.11' + python-version: '3.12' - name: Install build package run: | diff --git a/.github/workflows/run_lib_tests.yml b/.github/workflows/run_lib_tests.yml index a09c539..f5c9b66 100644 --- a/.github/workflows/run_lib_tests.yml +++ b/.github/workflows/run_lib_tests.yml @@ -10,7 +10,7 @@ jobs: strategy: fail-fast: false matrix: - python-version: ['3.10', '3.11', '3.12'] + python-version: ['3.10', '3.11', '3.12', '3.13'] steps: - name: Checkout harmony-browse-image-generator repository diff --git a/.snyk b/.snyk index aa2f47b..09a7bb9 100644 --- a/.snyk +++ b/.snyk @@ -1,4 +1,4 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. version: v1.25.0 language-settings: - python: "3.11" + python: "3.12" diff --git a/CHANGELOG.md b/CHANGELOG.md index f1c5d30..f5ebd7a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,9 @@ Changelog](http://keepachangelog.com/en/1.0.0/). * GitHub release notes for HyBIG will now include the commit history for that release. -## [v2.5.0] - Unreleased +* Service libraries updated to address vulnerabilities. + +## [v2.5.0] - 2026-12-03 ### Changed diff --git a/README.md b/README.md index 1aea263..16c6d7d 100644 --- a/README.md +++ b/README.md @@ -249,6 +249,7 @@ also with units of degrees. ## Repository structure: ``` +|- .snyk |- 📂 bin |- 📂 docker |- 📂 docs @@ -267,6 +268,12 @@ also with units of degrees. ``` +* `.snyk` - A file used by the Snyk webhook to ensure the correct version of + Python is used when installing the full dependency tree for the project. This + file is duplicated in each directory that contains a requirements + file. (`./docs`, `./tests`) **This file, and all copies, must be updated when + the version of Python is updated in the service Docker image.** + * `bin` - A directory containing utility scripts to build the service and test images. A script to extract the release notes for the most recent version, as contained in `CHANGELOG.md` is also in this directory. diff --git a/docs/requirements.txt b/docs/requirements.txt index 3080d1a..5d220dc 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,2 +1,2 @@ -notebook==7.2.2 -harmony-py~=0.4.14 +notebook~=7.5.1 +harmony-py~=1.3.3 diff --git a/pip_requirements.txt b/pip_requirements.txt index 736ebe9..d68169b 100644 --- a/pip_requirements.txt +++ b/pip_requirements.txt @@ -1,4 +1,4 @@ -harmony-service-lib~=2.0.0 +harmony-service-lib~=2.11.0 matplotlib==3.9.0 numpy==1.26.4 pillow==10.4.0 From 0136aca9dc6e7a26a5821b9d5acc09e9dadee127 Mon Sep 17 00:00:00 2001 From: Matt Savoie Date: Tue, 6 Jan 2026 15:40:27 -0700 Subject: [PATCH 3/6] DAS-2466: fix python version in readme. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 16c6d7d..660a250 100644 --- a/README.md +++ b/README.md @@ -343,7 +343,7 @@ independent of the main Harmony application: ``` -> conda create --name hybig-env python==3.11 +> conda create --name hybig-env python==3.12 > pip install -r pip_requirements.txt -r pip_requirements_skip_snyk.txt > pip install -r dev-requirements.txt From 8498fa3117e306e49dc524167e9db06edf1fcdd6 Mon Sep 17 00:00:00 2001 From: Matt Savoie Date: Tue, 6 Jan 2026 15:55:37 -0700 Subject: [PATCH 4/6] DAS-2466: Remove 3.13 since things are pinned tightly. --- .github/workflows/run_lib_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run_lib_tests.yml b/.github/workflows/run_lib_tests.yml index f5c9b66..a09c539 100644 --- a/.github/workflows/run_lib_tests.yml +++ b/.github/workflows/run_lib_tests.yml @@ -10,7 +10,7 @@ jobs: strategy: fail-fast: false matrix: - python-version: ['3.10', '3.11', '3.12', '3.13'] + python-version: ['3.10', '3.11', '3.12'] steps: - name: Checkout harmony-browse-image-generator repository From dd95f1b822f1a02311beabfcaf7d09028d13de1d Mon Sep 17 00:00:00 2001 From: Matt Savoie Date: Tue, 6 Jan 2026 16:01:42 -0700 Subject: [PATCH 5/6] DAS-2466: Commit the co-located snyk files. --- docs/.snyk | 4 ++++ tests/.snyk | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 docs/.snyk create mode 100644 tests/.snyk diff --git a/docs/.snyk b/docs/.snyk new file mode 100644 index 0000000..09a7bb9 --- /dev/null +++ b/docs/.snyk @@ -0,0 +1,4 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +language-settings: + python: "3.12" diff --git a/tests/.snyk b/tests/.snyk new file mode 100644 index 0000000..09a7bb9 --- /dev/null +++ b/tests/.snyk @@ -0,0 +1,4 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +language-settings: + python: "3.12" From cd01f75b308060e2f3b2601a79af8505acde690a Mon Sep 17 00:00:00 2001 From: Matt Savoie Date: Tue, 6 Jan 2026 16:07:02 -0700 Subject: [PATCH 6/6] DAS-2466: Create a release. --- CHANGELOG.md | 5 ++++- docker/service_version.txt | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f5ebd7a..9fd8647 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ HyBIG follows semantic versioning. All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). -## [vX.Y.Z] - Unreleased +## [v2.5.1] - 2026-01-06 ### Changed @@ -146,6 +146,9 @@ For more information on internal releases prior to NASA open-source approval, see legacy-CHANGELOG.md. [unreleased]: https://github.com/nasa/harmony-browse-image-generator/ +[v2.5.1]: https://github.com/nasa/harmony-browse-image-generator/releases/tag/2.5.1 +[v2.5.0]: https://github.com/nasa/harmony-browse-image-generator/releases/tag/2.5.0 +[v2.4.2]: https://github.com/nasa/harmony-browse-image-generator/releases/tag/2.4.2 [v2.4.1]: https://github.com/nasa/harmony-browse-image-generator/releases/tag/2.4.1 [v2.4.0]: https://github.com/nasa/harmony-browse-image-generator/releases/tag/2.4.0 [v2.3.0]: https://github.com/nasa/harmony-browse-image-generator/releases/tag/2.3.0 diff --git a/docker/service_version.txt b/docker/service_version.txt index 437459c..73462a5 100644 --- a/docker/service_version.txt +++ b/docker/service_version.txt @@ -1 +1 @@ -2.5.0 +2.5.1