Updated bot signature and have ignored currently un-fixable vulnerabi…

…lities

.github/workflows/main.yml

@@ -72,10 +72,28 @@ jobs:
         run: |
           git fetch --tags
           echo "tag=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
+      - name: Import BOT GPG key
+        run: echo $BOT_GPG_KEY | base64 --decode | gpg --batch --import
+        env:
+          BOT_GPG_KEY: ${{ secrets.BOT_GPG_KEY }}
+      - name: Prepare gpg CLI signing step
+        run: |
+          rm -rf /tmp/gpg.sh
+          echo '#!/bin/bash' >> /tmp/gpg.sh
+          echo 'gpg --batch --pinentry-mode=loopback --passphrase $BOT_GPG_KEY_PASSPHRASE $@' >> /tmp/gpg.sh
+          chmod +x /tmp/gpg.sh
+      - name: Setup git
+        run: |
+          git config commit.gpgsign true
+          git config user.signingkey "${{ secrets.BOT_GPG_KEY_ID }}"
+          git config gpg.program /tmp/gpg.sh
+          git config user.name "${{ secrets.BOT_USERNAME }}"
+          git config user.email "${{ secrets.BOT_EMAIL }}"
       - name: update versions
         if: github.ref != 'refs/heads/main'
         env:
           GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          BOT_GPG_KEY_PASSPHRASE: ${{ secrets.BOT_GPG_KEY_PASSPHRASE }}
           COMMIT_MSG: |
             auto patch increment
         shell: bash

Makefile

@@ -8,7 +8,7 @@ build-kubernetes:
 	docker build -f _infra/docker/Dockerfile .
 
 lint:
-	pipenv check ./application ./tests -i 51457
+	pipenv check ./application ./tests  -i 70612 -i 70624
 	pipenv run isort .
 	pipenv run black --line-length 120 .
 	pipenv run flake8 ./application ./tests

Pipfile

@@ -8,7 +8,7 @@ python_version = "3.11"
 
 [packages]
 flask = "*"
-flask-cors = "*"
+flask-cors = "4.0.1"
 gunicorn = "*"
 gevent = {version = "*", platform_python_implementation="=='CPython'"}
 sqlalchemy = "*"
@@ -25,6 +25,7 @@ pycryptodome = "*"
 requestsdefaulter = "*"
 google-cloud-storage = "*"
 google-cloud-pubsub = "*"
+jinja2 = "*"
 
 [dev-packages]
 black = "*"