⬆️ Maintenance/security update httpx (ITISFoundation#3087)

Author: pcrespov

packages/models-library/src/models_library/service_settings_labels.py

@@ -264,6 +264,7 @@ class Config(_BaseConfig):
         extra = Extra.allow
         schema_extra = {
             "examples": [
+                # WARNING: do not change order. Used in tests!
                 # legacy service
                 {
                     "simcore.service.settings": json.dumps(

requirements/constraints.txt

@@ -10,14 +10,15 @@
 #
 aiohttp>=3.7.4                                # https://github.com/advisories/GHSA-v6wp-4m6f-gcjg
 cryptography>=3.3.2                           # https://github.com/advisories/GHSA-rhm9-p9w5-fwm7  Feb.2021
+httpx>=0.23.0                                 # https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 / CVE-2021-41945
 jinja2>=2.11.3                                # https://github.com/advisories/GHSA-g3rq-g295-4j3m
+paramiko>=2.10.1                              # https://github.com/advisories/GHSA-f8q4-jwww-x3wv
 pydantic>=1.8.2                               # https://github.com/advisories/GHSA-5jqp-qgf6-3pvh
 pyyaml>=5.4                                   # https://github.com/advisories/GHSA-8q59-q68h-6hv4
 rsa>=4.1                                      # https://github.com/advisories/GHSA-537h-rv9q-vvph
 sqlalchemy[postgresql_psycopg2binary]>=1.3.3  # https://nvd.nist.gov/vuln/detail/CVE-2019-7164
 sqlalchemy>=1.3.3                             # https://nvd.nist.gov/vuln/detail/CVE-2019-7164
 urllib3>=1.26.5                               # https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
-paramiko>=2.10.1                              # https://github.com/advisories/GHSA-f8q4-jwww-x3wv
 
 #
 # Breaking changes

services/api-server/requirements/_base.txt

@@ -70,7 +70,6 @@ cffi==1.15.0
 charset-normalizer==2.0.12
     # via
     #   aiohttp
-    #   httpx
     #   requests
 click==8.0.4
     # via
@@ -113,12 +112,24 @@ h11==0.12.0
     # via
     #   httpcore
     #   uvicorn
-httpcore==0.14.7
+httpcore==0.15.0
     # via httpx
 httptools==0.2.0
     # via uvicorn
-httpx==0.22.0
-    # via -r requirements/_base.in
+httpx==0.23.0
+    # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
+    #   -r requirements/_base.in
 idna==3.3
     # via
     #   anyio

services/api-server/requirements/_test.txt

@@ -63,7 +63,6 @@ cfn-lint==0.60.1
 charset-normalizer==2.0.12
     # via
     #   -c requirements/_base.txt
-    #   httpx
     #   requests
 click==8.0.4
     # via
@@ -131,12 +130,13 @@ h11==0.12.0
     # via
     #   -c requirements/_base.txt
     #   httpcore
-httpcore==0.14.7
+httpcore==0.15.0
     # via
     #   -c requirements/_base.txt
     #   httpx
-httpx==0.22.0
+httpx==0.23.0
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   respx
 idna==3.3

services/catalog/requirements/_base.txt

@@ -35,8 +35,6 @@ certifi==2020.12.5
     #   requests
 chardet==3.0.4
     # via requests
-charset-normalizer==2.0.10
-    # via httpx
 click==8.0.3
     # via
     #   typer
@@ -60,12 +58,19 @@ h11==0.12.0
     # via
     #   httpcore
     #   uvicorn
-httpcore==0.14.4
+httpcore==0.15.0
     # via httpx
 httptools==0.2.0
     # via uvicorn
-httpx==0.21.3
-    # via -r requirements/_base.in
+httpx==0.23.0
+    # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
+    #   -r requirements/_base.in
 idna==2.10
     # via
     #   anyio
@@ -215,3 +220,6 @@ websockets==10.1
     # via uvicorn
 yarl==1.6.3
     # via -r requirements/../../../packages/postgres-database/requirements/_base.in
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools

services/catalog/requirements/_test.txt

@@ -48,10 +48,7 @@ chardet==3.0.4
     #   -c requirements/_base.txt
     #   requests
 charset-normalizer==2.0.10
-    # via
-    #   -c requirements/_base.txt
-    #   aiohttp
-    #   httpx
+    # via aiohttp
 click==8.0.3
     # via
     #   -c requirements/_base.txt
@@ -101,12 +98,13 @@ h11==0.12.0
     # via
     #   -c requirements/_base.txt
     #   httpcore
-httpcore==0.14.4
+httpcore==0.15.0
     # via
     #   -c requirements/_base.txt
     #   httpx
-httpx==0.21.3
+httpx==0.23.0
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   respx
 idna==2.10

services/datcore-adapter/requirements/_base.txt

@@ -32,9 +32,7 @@ certifi==2021.10.8
     #   httpx
     #   requests
 charset-normalizer==2.0.12
-    # via
-    #   httpx
-    #   requests
+    # via requests
 click==8.1.2
     # via
     #   typer
@@ -73,12 +71,18 @@ h2==4.1.0
     # via httpx
 hpack==4.0.0
     # via h2
-httpcore==0.14.7
+httpcore==0.15.0
     # via httpx
 httptools==0.4.0
     # via uvicorn
-httpx==0.22.0
-    # via -r requirements/_base.in
+httpx==0.23.0
+    # via
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
+    #   -r requirements/_base.in
 hyperframe==6.0.1
     # via h2
 idna==3.3
@@ -215,3 +219,6 @@ websockets==10.2
     # via uvicorn
 wrapt==1.14.0
     # via deprecated
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools

services/datcore-adapter/requirements/_test.txt

@@ -23,7 +23,6 @@ certifi==2021.10.8
 charset-normalizer==2.0.12
     # via
     #   -c requirements/_base.txt
-    #   httpx
     #   requests
 codecov==2.1.12
     # via -r requirements/_test.in
@@ -49,12 +48,13 @@ h11==0.12.0
     # via
     #   -c requirements/_base.txt
     #   httpcore
-httpcore==0.14.7
+httpcore==0.15.0
     # via
     #   -c requirements/_base.txt
     #   httpx
-httpx==0.22.0
+httpx==0.23.0
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   respx
 icdiff==2.0.5

services/director-v2/requirements/_base.txt

@@ -83,9 +83,7 @@ certifi==2021.5.30
 chardet==4.0.0
     # via requests
 charset-normalizer==2.0.10
-    # via
-    #   aiohttp
-    #   httpx
+    # via aiohttp
 click==8.1.2
     # via
     #   -r requirements/../../../services/dask-sidecar/requirements/_dask-distributed.txt
@@ -143,12 +141,26 @@ heapdict==1.0.1
     # via
     #   -r requirements/../../../services/dask-sidecar/requirements/_dask-distributed.txt
     #   zict
-httpcore==0.14.4
+httpcore==0.15.0
     # via httpx
 httptools==0.2.0
     # via uvicorn
-httpx==0.21.3
-    # via -r requirements/_base.in
+httpx==0.23.0
+    # via
+    #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/dask-task-models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/postgres-database/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../packages/simcore-sdk/requirements/../../../requirements/constraints.txt
+    #   -c requirements/../../../requirements/constraints.txt
+    #   -r requirements/_base.in
 idna==2.10
     # via
     #   anyio
@@ -183,7 +195,9 @@ jsonschema==3.2.0
     #   -c requirements/../../../packages/service-library/requirements/././constraints.txt
     #   -c requirements/../../../packages/service-library/requirements/./constraints.txt
     #   -c requirements/../../../packages/simcore-sdk/requirements/../../../packages/service-library/requirements/./constraints.txt
-    #   -r requirements/../../../packages/simcore-sdk/requirements/_base.in
+    #   -r requirements/../../../packages/dask-task-models-library/requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/models-library/requirements/_base.in
+    #   -r requirements/../../../packages/simcore-sdk/requirements/../../../packages/models-library/requirements/_base.in
 locket==0.2.1
     # via
     #   -r requirements/../../../services/dask-sidecar/requirements/_dask-distributed.txt

services/director-v2/requirements/_test.txt

@@ -85,7 +85,6 @@ charset-normalizer==2.0.10
     # via
     #   -c requirements/_base.txt
     #   aiohttp
-    #   httpx
 codecov==2.1.12
     # via -r requirements/_test.in
 colorlog==6.6.0
@@ -141,12 +140,13 @@ h11==0.12.0
     # via
     #   -c requirements/_base.txt
     #   httpcore
-httpcore==0.14.4
+httpcore==0.15.0
     # via
     #   -c requirements/_base.txt
     #   httpx
-httpx==0.21.3
+httpx==0.23.0
     # via
+    #   -c requirements/../../../requirements/constraints.txt
     #   -c requirements/_base.txt
     #   respx
 icdiff==2.0.5