diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 4ba1b65..34ddf82 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -10,7 +10,7 @@ jobs: cd-job: name: Continuous Delivery - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: SCM Checkout diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml index 5415fd0..344df0b 100644 --- a/.github/workflows/check-release-tag.yml +++ b/.github/workflows/check-release-tag.yml @@ -7,7 +7,7 @@ jobs: check-tag-version-job: name: Check Tag Version - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: SCM Checkout diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index bd9d8f2..314d615 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -10,7 +10,7 @@ jobs: Version-Check: name: Version - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: SCM Checkout @@ -27,7 +27,7 @@ jobs: Documentation: name: Build Documentation needs: [ Version-Check ] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: SCM Checkout @@ -43,7 +43,7 @@ jobs: Lint: name: Linting (Python-${{ matrix.python-version }}) needs: [ Version-Check ] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -71,7 +71,7 @@ jobs: Type-Check: name: Type Checking (Python-${{ matrix.python-version }}) needs: [ Version-Check ] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -92,11 +92,7 @@ jobs: Security: name: Security Checks (Python-${{ matrix.python-version }}) needs: [ Version-Check ] - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - python-version: ["3.10", "3.11"] + runs-on: ubuntu-24.04 steps: - name: SCM Checkout @@ -142,6 +138,7 @@ jobs: sudo rm -rf /usr/local/share/chromium sudo rm -rf /usr/local/lib/node_modules sudo rm -rf /opt/ghc + - name: Allow unprivileged user namespaces run: | sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 @@ -152,7 +149,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Calculate Test Coverage - run: poetry run nox -s test:coverage + run: poetry run nox -s coverage env: TEST_DB_VERSION: ${{matrix.exasol-version}} PYTEST_ADDOPTS: > diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index dfdac63..135ef8c 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -7,7 +7,7 @@ on: jobs: documentation-job: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: SCM Checkout diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index bb74336..95e4b37 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -9,6 +9,7 @@ on: jobs: report: + name: Generate Status Report runs-on: ubuntu-latest env: GITHUB_TOKEN: ${{ secrets.ALTERNATIVE_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -30,9 +31,8 @@ jobs: - name: Copy Artifacts into Root Folder working-directory: ./artifacts run: | - cp coverage-python3.9/.coverage ../ - cp lint-python3.9/.lint.txt ../ - cp security-python3.9/.security.json ../ + cp .coverage/.coverage ../ + cp .lint.txt/.lint.txt ../ - name: Generate Report run: poetry run nox -s project:report -- -- --format json | tee metrics.json diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index 0d66366..4c56c66 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md @@ -2,6 +2,10 @@ ## Changes +## Security Issues + +* #146: Fixed vulnerabilities by updating dependencies + ### Bug fixing * #143: itde_manager.bring_itde_up() fails if the container is not connected to the network diff --git a/poetry.lock b/poetry.lock index e00ae66..39c8cb8 100644 --- a/poetry.lock +++ b/poetry.lock @@ -4385,13 +4385,13 @@ telegram = ["requests"] [[package]] name = "transformers" -version = "4.47.1" +version = "4.47.0" description = "State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow" optional = false python-versions = ">=3.9.0" files = [ - {file = "transformers-4.47.1-py3-none-any.whl", hash = "sha256:d2f5d19bb6283cd66c893ec7e6d931d6370bbf1cc93633326ff1f41a40046c9c"}, - {file = "transformers-4.47.1.tar.gz", hash = "sha256:6c29c05a5f595e278481166539202bf8641281536df1c42357ee58a45d0a564a"}, + {file = "transformers-4.47.0-py3-none-any.whl", hash = "sha256:a8e1bafdaae69abdda3cad638fe392e37c86d2ce0ecfcae11d60abb8f949ff4d"}, + {file = "transformers-4.47.0.tar.gz", hash = "sha256:f8ead7a5a4f6937bb507e66508e5e002dc5930f7b6122a9259c37b099d0f3b19"}, ] [package.dependencies] @@ -4695,4 +4695,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = ">=3.10,<4.0" -content-hash = "1ec1a90ca656a7071080d1baff70ec5ce4a48291016f79609ae1c9c7ede17ba4" +content-hash = "eedd56cdc27d81820d2f72d4dc51b3f98f2ed0ceec28e78d307ec1edcf85fdb0" diff --git a/test/unit/test_itde_manager.py b/test/unit/test_itde_manager.py index 39020d1..3e75cae 100644 --- a/test/unit/test_itde_manager.py +++ b/test/unit/test_itde_manager.py @@ -57,6 +57,7 @@ def test_bring_itde_up(mock_spawn_env, secrets, env_info): nameserver=(NAME_SERVER_ADDRESS,), db_mem_size="4 GiB", db_disk_size="10 GiB", + docker_db_image_version="8.18.1", ) assert secrets.get(CKey.itde_container) == TEST_CONTAINER_NAME