⬆️ Security update and tuning e2e (ITISFoundation#5618)

Author: pcrespov

packages/aws-library/requirements/_base.txt

@@ -66,7 +66,7 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.10
+orjson==3.10.0
 pamqp==3.2.1
     # via aiormq
 pydantic==1.10.13

packages/dask-task-models-library/requirements/_base.txt

@@ -43,7 +43,7 @@ mdurl==0.1.2
     # via markdown-it-py
 msgpack==1.0.7
     # via distributed
-orjson==3.9.10
+orjson==3.10.0
 packaging==23.2
     # via
     #   dask

packages/models-library/requirements/_base.txt

@@ -12,7 +12,7 @@ idna==3.4
 jsonschema==4.19.2
 jsonschema-specifications==2023.7.1
     # via jsonschema
-orjson==3.9.10
+orjson==3.10.0
 pydantic==1.10.13
 python-dateutil==2.8.2
     # via arrow

packages/notifications-library/requirements/_base.txt

@@ -38,7 +38,7 @@ mdurl==0.1.2
     # via markdown-it-py
 multidict==6.0.5
     # via yarl
-orjson==3.9.15
+orjson==3.10.0
 psycopg2-binary==2.9.9
     # via sqlalchemy
 pydantic==1.10.14

packages/service-integration/requirements/_base.txt

@@ -31,7 +31,7 @@ markdown-it-py==3.0.0
     # via rich
 mdurl==0.1.2
     # via markdown-it-py
-orjson==3.9.10
+orjson==3.10.0
 packaging==23.2
     # via
     #   docker

packages/service-library/requirements/_base.txt

@@ -45,7 +45,7 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.10
+orjson==3.10.0
 pamqp==3.2.1
     # via aiormq
 pydantic==1.10.13

packages/simcore-sdk/requirements/_base.txt

@@ -57,7 +57,7 @@ multidict==6.0.4
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.10
+orjson==3.10.0
 packaging==23.2
 pamqp==3.2.1
     # via aiormq

requirements/constraints.txt

@@ -15,6 +15,7 @@ cryptography>=41.0.6                          # https://github.com/advisories/GH
 httpx>=0.23.0                                 # https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 / CVE-2021-41945
 jinja2>=2.11.3                                # https://github.com/advisories/GHSA-g3rq-g295-4j3m
 mako>=1.2.2                                   # https://github.com/advisories/GHSA-v973-fxgf-6xhp
+orjson>=3.9.15                                # https://github.com/advisories/GHSA-pwr2-4v36-6qpr
 paramiko>=2.10.1                              # https://github.com/advisories/GHSA-f8q4-jwww-x3wv
 py>=1.11.0                                    # https://github.com/advisories/GHSA-w596-4wvx-j9j6 / CVE-2022-42969
 pydantic>=1.8.2                               # https://github.com/advisories/GHSA-5jqp-qgf6-3pvh

services/agent/requirements/_base.txt

@@ -1,33 +1,13 @@
-#
-# This file is autogenerated by pip-compile with Python 3.10
-# by the following command:
-#
-#    pip-compile --output-file=requirements/_base.txt --strip-extras requirements/_base.in
-#
 aiodocker==0.21.0
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/_base.in
 aiohttp==3.8.5
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   aiodocker
+    # via aiodocker
 aiosignal==1.2.0
     # via aiohttp
 anyio==3.6.2
     # via
     #   httpx
     #   starlette
 arrow==1.2.3
-    # via
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
 async-timeout==4.0.2
     # via aiohttp
 attrs==21.4.0
@@ -36,12 +16,6 @@ attrs==21.4.0
     #   jsonschema
 certifi==2023.11.17
     # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
     #   httpcore
     #   httpx
 charset-normalizer==2.1.1
@@ -55,16 +29,7 @@ dnspython==2.2.1
 email-validator==1.3.0
     # via pydantic
 fastapi==0.96.0
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   -r requirements/../../../packages/service-library/requirements/_fastapi.in
-    #   -r requirements/_base.in
-    #   prometheus-fastapi-instrumentator
+    # via prometheus-fastapi-instrumentator
 frozenlist==1.3.1
     # via
     #   aiohttp
@@ -76,24 +41,13 @@ h11==0.14.0
 httpcore==1.0.2
     # via httpx
 httpx==0.26.0
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   -r requirements/../../../packages/service-library/requirements/_fastapi.in
 idna==3.4
     # via
     #   anyio
     #   email-validator
     #   httpx
     #   yarl
 jsonschema==3.2.0
-    # via
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
 markdown-it-py==3.0.0
     # via rich
 mdurl==0.1.2
@@ -102,43 +56,23 @@ multidict==6.0.2
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.7
-    # via
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
+orjson==3.10.0
 packaging==23.1
-    # via -r requirements/_base.in
 prometheus-client==0.19.0
     # via prometheus-fastapi-instrumentator
 prometheus-fastapi-instrumentator==6.1.0
-    # via -r requirements/../../../packages/service-library/requirements/_fastapi.in
 pydantic==1.10.2
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./_base.in
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   -r requirements/../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/_base.in
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/_base.in
-    #   fastapi
+    # via fastapi
 pygments==2.15.1
     # via rich
 pyrsistent==0.19.2
     # via jsonschema
 python-dateutil==2.8.2
     # via arrow
 python-dotenv==1.0.0
-    # via -r requirements/_base.in
 rich==13.4.2
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/../../../packages/settings-library/requirements/_base.in
+setuptools==69.2.0
+    # via jsonschema
 six==1.16.0
     # via
     #   jsonschema
@@ -148,28 +82,12 @@ sniffio==1.3.0
     #   anyio
     #   httpx
 starlette==0.27.0
-    # via
-    #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/models-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/service-library/requirements/./../../../requirements/constraints.txt
-    #   -c requirements/../../../packages/settings-library/requirements/../../../requirements/constraints.txt
-    #   -c requirements/../../../requirements/constraints.txt
-    #   fastapi
+    # via fastapi
 typer==0.6.1
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/./../../../packages/settings-library/requirements/_base.in
-    #   -r requirements/../../../packages/settings-library/requirements/_base.in
 typing-extensions==4.4.0
     # via
     #   aiodocker
     #   pydantic
 uvicorn==0.19.0
-    # via
-    #   -r requirements/../../../packages/service-library/requirements/_fastapi.in
-    #   -r requirements/_base.in
 yarl==1.9.2
     # via aiohttp
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools

services/autoscaling/requirements/_base.txt

@@ -111,7 +111,7 @@ multidict==6.0.5
     # via
     #   aiohttp
     #   yarl
-orjson==3.9.15
+orjson==3.10.0
 packaging==23.1
     # via
     #   dask