⬆️ 🔒️ Upgrades to overcome vulnerabilities (ITISFoundation#2663)

pcrespov · web-flow · commit 05a2f8157a24 · 2021-11-26T19:19:41.000+01:00
diff --git a/ci/helpers/requirements.txt b/ci/helpers/requirements.txt
@@ -2,73 +2,82 @@
 # This file is autogenerated by pip-compile with python 3.8
 # To update, run:
 #
-#    pip-compile
+#    pip-compile requirements.in
 #
-aiohttp==3.7.4.post0
+aiohttp==3.8.1
     # via -r requirements.in
+aiosignal==1.2.0
+    # via aiohttp
 amqp==5.0.6
     # via kombu
-async-timeout==3.0.1
+anyio==3.4.0
+    # via starlette
+async-timeout==4.0.1
     # via aiohttp
 attrs==21.2.0
     # via aiohttp
 billiard==3.6.4.0
     # via celery
-celery==5.1.2
+celery==5.2.1
     # via -r requirements.in
-certifi==2020.6.20
+certifi==2021.10.8
     # via requests
-chardet==3.0.4
+charset-normalizer==2.0.8
     # via
     #   aiohttp
     #   requests
-click==7.1.2
+click==8.0.3
     # via
     #   celery
     #   click-didyoumean
     #   click-plugins
     #   click-repl
-click-didyoumean==0.0.3
+click-didyoumean==0.3.0
     # via celery
 click-plugins==1.1.1
     # via celery
 click-repl==0.2.0
     # via celery
-docker==5.0.2
+docker==5.0.3
     # via -r requirements.in
-fastapi==0.68.1
+fastapi==0.70.0
     # via -r requirements.in
-idna==2.10
+frozenlist==1.2.0
+    # via
+    #   aiohttp
+    #   aiosignal
+idna==3.3
     # via
+    #   anyio
     #   requests
     #   yarl
-kombu==5.1.0
+kombu==5.2.2
     # via celery
-multidict==5.1.0
+multidict==5.2.0
     # via
     #   aiohttp
     #   yarl
-prompt-toolkit==3.0.20
+prompt-toolkit==3.0.22
     # via click-repl
 pydantic==1.8.2
     # via fastapi
-pyjwt==1.7.1
+pyjwt==2.3.0
     # via -r requirements.in
-pytz==2020.1
+pytz==2021.3
     # via celery
-requests==2.24.0
+requests==2.26.0
     # via docker
-six==1.15.0
-    # via
-    #   click-repl
-    #   websocket-client
-starlette==0.14.2
+six==1.16.0
+    # via click-repl
+sniffio==1.2.0
+    # via anyio
+starlette==0.16.0
     # via fastapi
-typing-extensions==3.10.0.2
+typing-extensions==4.0.0
     # via
-    #   aiohttp
+    #   async-timeout
     #   pydantic
-urllib3==1.25.10
+urllib3==1.26.7
     # via requests
 vine==5.0.0
     # via
@@ -77,9 +86,9 @@ vine==5.0.0
     #   kombu
 wcwidth==0.2.5
     # via prompt-toolkit
-websocket-client==0.57.0
+websocket-client==1.2.1
     # via docker
-yarl==1.6.3
+yarl==1.7.2
     # via aiohttp
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/services/catalog/requirements/_base.txt b/services/catalog/requirements/_base.txt
@@ -154,6 +154,7 @@ pyyaml==5.4.1
     #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/./_base.in
+    #   -c requirements/../../../packages/service-library/requirements/./constraints.txt
     #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../requirements/constraints.txt
     #   -r requirements/../../../packages/service-library/requirements/_base.in
@@ -210,7 +211,7 @@ typing-extensions==3.10.0.2
     # via pydantic
 ujson==4.0.2
     # via fastapi
-urllib3==1.26.5
+urllib3==1.26.7
     # via
     #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
diff --git a/services/catalog/requirements/_test.txt b/services/catalog/requirements/_test.txt
@@ -237,7 +237,7 @@ typing-extensions==3.10.0.2
     #   aiohttp
     #   astroid
     #   pylint
-urllib3==1.26.5
+urllib3==1.26.7
     # via
     #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
diff --git a/services/dask-sidecar/requirements/_base.txt b/services/dask-sidecar/requirements/_base.txt
@@ -8,7 +8,7 @@ aiodocker==0.21.0
     # via -r requirements/_base.in
 aiofiles==0.7.0
     # via -r requirements/_base.in
-aiohttp==3.7.4.post0
+aiohttp==3.8.1
     # via
     #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../requirements/constraints.txt
@@ -19,13 +19,15 @@ aiohttp==3.7.4.post0
     #   -r requirements/_base.in
     #   aiodocker
     #   jupyter-server-proxy
+aiosignal==1.2.0
+    # via aiohttp
 anyio==3.2.0
     # via jupyter-server
 argon2-cffi==20.1.0
     # via jupyter-server
 async-generator==1.10
     # via nbclient
-async-timeout==3.0.1
+async-timeout==4.0.1
     # via aiohttp
 attrs==20.2.0
     # via
@@ -42,10 +44,10 @@ certifi==2021.5.30
     # via requests
 cffi==1.14.5
     # via argon2-cffi
-chardet==3.0.4
-    # via aiohttp
 charset-normalizer==2.0.6
-    # via requests
+    # via
+    #   aiohttp
+    #   requests
 click==7.1.2
     # via distributed
 cloudpickle==1.6.0
@@ -69,6 +71,10 @@ email-validator==1.1.1
     # via pydantic
 entrypoints==0.3
     # via nbconvert
+frozenlist==1.2.0
+    # via
+    #   aiohttp
+    #   aiosignal
 fsspec==2021.10.1
     # via
     #   -c requirements/constraints.txt
@@ -105,7 +111,9 @@ jinja2==2.11.3
     #   jupyter-server
     #   nbconvert
 jsonschema==3.2.0
-    # via nbformat
+    # via
+    #   -c requirements/../../../packages/service-library/requirements/./constraints.txt
+    #   nbformat
 jupyter-client==6.1.12
     # via
     #   jupyter-server
@@ -213,6 +221,7 @@ pyyaml==5.4.1
     #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/_base.in
     #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../requirements/constraints.txt
@@ -272,10 +281,10 @@ typing-extensions==3.10.0.2 ; python_version < "3.9"
     # via
     #   -c requirements/../../../packages/dask-task-models-library/requirements/_base.in
     #   aiodocker
-    #   aiohttp
+    #   async-timeout
     #   bokeh
     #   pydantic
-urllib3==1.26.5
+urllib3==1.26.7
     # via
     #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../requirements/constraints.txt
diff --git a/services/dask-sidecar/requirements/_packages.txt b/services/dask-sidecar/requirements/_packages.txt
@@ -107,6 +107,7 @@ pyyaml==5.4.1
     #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./constraints.txt
     #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   -r requirements/../../../packages/service-library/requirements/_base.in
diff --git a/services/dask-sidecar/requirements/_test.txt b/services/dask-sidecar/requirements/_test.txt
@@ -4,14 +4,18 @@
 #
 #    pip-compile --output-file=requirements/_test.txt --strip-extras requirements/_test.in
 #
-aiohttp==3.7.4.post0
+aiohttp==3.8.1
     # via
     #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   pytest-aiohttp
+aiosignal==1.2.0
+    # via
+    #   -c requirements/_base.txt
+    #   aiohttp
 astroid==2.9.0
     # via pylint
-async-timeout==3.0.1
+async-timeout==4.0.1
     # via
     #   -c requirements/_base.txt
     #   aiohttp
@@ -29,13 +33,10 @@ cffi==1.14.5
     # via
     #   -c requirements/_base.txt
     #   cryptography
-chardet==3.0.4
-    # via
-    #   -c requirements/_base.txt
-    #   aiohttp
 charset-normalizer==2.0.6
     # via
     #   -c requirements/_base.txt
+    #   aiohttp
     #   requests
 coverage==6.1.2
     # via
@@ -54,6 +55,11 @@ docopt==0.6.2
     # via coveralls
 faker==9.8.3
     # via -r requirements/_test.in
+frozenlist==1.2.0
+    # via
+    #   -c requirements/_base.txt
+    #   aiohttp
+    #   aiosignal
 icdiff==2.0.4
     # via pytest-icdiff
 idna==2.10
@@ -172,10 +178,10 @@ typing-extensions==3.10.0.2 ; python_version < "3.9"
     # via
     #   -c requirements/_base.txt
     #   -c requirements/_packages.txt
-    #   aiohttp
     #   astroid
+    #   async-timeout
     #   pylint
-urllib3==1.26.5
+urllib3==1.26.7
     # via
     #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
diff --git a/services/datcore-adapter/requirements/_base.txt b/services/datcore-adapter/requirements/_base.txt
@@ -134,7 +134,9 @@ pyyaml==5.4.1
     #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/././constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/./_base.in
+    #   -c requirements/../../../packages/service-library/requirements/./constraints.txt
     #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../requirements/constraints.txt
     #   -r requirements/../../../packages/service-library/requirements/_base.in
@@ -184,7 +186,7 @@ typing-extensions==3.10.0.2
     # via
     #   fastapi-pagination
     #   pydantic
-urllib3==1.26.6
+urllib3==1.26.7
     # via
     #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
diff --git a/services/datcore-adapter/requirements/_test.txt b/services/datcore-adapter/requirements/_test.txt
@@ -159,7 +159,7 @@ typing-extensions==3.10.0.2
     #   -c requirements/_base.txt
     #   astroid
     #   pylint
-urllib3==1.26.6
+urllib3==1.26.7
     # via
     #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
diff --git a/services/storage/requirements/_base.txt b/services/storage/requirements/_base.txt
diff --git a/services/storage/requirements/_test.txt b/services/storage/requirements/_test.txt
diff --git a/services/web/server/requirements/_base.txt b/services/web/server/requirements/_base.txt
diff --git a/services/web/server/requirements/_packages.txt b/services/web/server/requirements/_packages.txt
