From 437139f51e31c14458ea008f608d1fa006790e8d Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Wed, 7 Dec 2022 00:25:12 -0500 Subject: [PATCH 01/24] WIP still need to pin some versions --- Dockerfile | 67 +++++++++++++++++++--------------- docker.list | 2 +- requirements.txt | 93 +++++++++++++++++++++++++++++++----------------- 3 files changed, 99 insertions(+), 63 deletions(-) diff --git a/Dockerfile b/Dockerfile index cfcd43d..47708c7 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,29 +1,34 @@ -FROM python:3.6-jessie -MAINTAINER Michael J. Stealey - +FROM python:3.9-bullseye ENV DEBIAN_FRONTEND noninteractive ENV PY_SAX_PARSER=hs_core.xmlparser -RUN printf "deb http://deb.debian.org/debian/ jessie main\ndeb http://security.debian.org jessie/updates main" > /etc/apt/sources.list +RUN printf "deb http://deb.debian.org/debian/ bullseye main\ndeb http://security.debian.org/debian-security bullseye-security main" > /etc/apt/sources.list RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ - sudo \ - && apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D + curl \ + gnupg \ + lsb-release \ + sudo -RUN curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash - +RUN sudo mkdir -p /etc/apt/keyrings +RUN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg -# Add docker.list and requirements.txt - using /tmp to keep hub.docker happy -COPY . /tmp -RUN cp /tmp/docker.list /etc/apt/sources.list.d/ \ - && cp /tmp/requirements.txt /requirements.txt +RUN echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ + $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + +RUN apt-get update && sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin +RUN curl -sL https://deb.nodesource.com/setup_lts.x | sudo -E bash - + +COPY docker.list /etc/apt/sources.list.d/ RUN sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7EA0A9C3F273FCD8 -RUN sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list' \ - && wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add - +RUN sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' +RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - RUN apt-get update && apt-get install -y --fix-missing --no-install-recommends \ apt-utils \ @@ -36,9 +41,9 @@ RUN apt-get update && apt-get install -y --fix-missing --no-install-recommends \ gdal-bin \ build-essential \ libgdal-dev \ - libgdal1h \ - postgresql-9.4 \ - postgresql-client-9.4 \ + gnupg2 \ + postgresql-15 \ + postgresql-client-15 \ git \ rsync \ openssh-client \ @@ -51,9 +56,12 @@ RUN npm install -g phantomjs-prebuilt WORKDIR / #install numpy before matplotlib -RUN pip install 'numpy==1.16.0' +RUN pip install 'numpy==1.16.*' -RUN pip install git+https://github.com/sblack-usu/defusedexpat.git +# Removed defusedexpat (python 3.9) +# Added defusedxml +# https://docs.python.org/3.9/library/xml.html?highlight=xml#the-defusedxml-package +# https://github.com/python/cpython/issues/82766 # Install pip based packages (due to dependencies some packages need to come first) RUN export CPLUS_INCLUDE_PATH=/usr/include/gdal @@ -61,14 +69,20 @@ RUN export C_INCLUDE_PATH=/usr/include/gdal RUN export GEOS_CONFIG=/usr/bin/geos-config RUN HDF5_INCDIR=/usr/include/hdf5/serial RUN pip install --upgrade pip +RUN pip install 'setuptools<58.0.0' +# Add docker.list and requirements.txt - using /tmp to keep hub.docker happy +COPY . /tmp +RUN cp /tmp/requirements.txt /requirements.txt RUN pip install -r requirements.txt -# Install GDAL 2.4.1 from source -RUN wget http://download.osgeo.org/gdal/2.4.1/gdal-2.4.1.tar.gz \ - && tar -xzf gdal-2.4.1.tar.gz \ - && rm gdal-2.4.1.tar.gz +# foresite-toolkit in pip isn't compatible with python3 +RUN pip install git+https://github.com/sblack-usu/foresite-toolkit.git#subdirectory=foresite-python/trunk + +RUN wget https://ftp.osuosl.org/pub/osgeo/download/gdal/3.5.2/gdal-3.5.2.tar.gz \ + && tar -xzf gdal-3.5.2.tar.gz \ + && rm gdal-3.5.2.tar.gz -WORKDIR /gdal-2.4.1 +WORKDIR /gdal-3.5.2 RUN ./configure --with-python --with-geos=yes \ && make \ && sudo make install \ @@ -77,18 +91,13 @@ WORKDIR / # Install iRODS RUN wget -qO - https://packages.irods.org/irods-signing-key.asc | sudo apt-key add - \ - && echo "deb [arch=amd64] https://packages.irods.org/apt/ trusty main" | \ + && echo "deb [arch=amd64] https://packages.irods.org/apt/ bullseye main" | \ sudo tee /etc/apt/sources.list.d/renci-irods.list \ && sudo apt-get update && sudo apt-get install -y \ apt-transport-https \ irods-runtime \ irods-icommands -# inplaceedit in pip doesn't seem compatible with Django 1.11 yet... -RUN pip install git+https://github.com/theromis/django-inplaceedit.git@e6fa12355defedf769a5f06edc8fc079a6e982ec -# foresite-toolkit in pip isn't compatible with python3 -RUN pip install git+https://github.com/sblack-usu/foresite-toolkit.git#subdirectory=foresite-python/trunk - # Install SSH for remote PyCharm debugging RUN mkdir /var/run/sshd RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config diff --git a/docker.list b/docker.list index c3d510a..85d0823 100644 --- a/docker.list +++ b/docker.list @@ -1 +1 @@ -deb https://download.docker.com/linux/debian jessie stable +deb https://download.docker.com/linux/debian bullseye stable diff --git a/requirements.txt b/requirements.txt index 8f48df3..702bc79 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,47 +1,74 @@ +# TODO: organize and tag +deepdiff==1.7.0 +pytest-cov==3.0.0 +rdflib==5.0.0 +git+https://github.com/hydroshare/hsmodels.git@0.5.3#egg=hsmodels +six==1.16.0 +sorl-thumbnail==12.8.0 +Django==3.2.15 +Mezzanine==5.1.4 +requests==2.27.1 +django-security==0.12.0 +django-braces==1.15.0 +django-compressor==4.1 +django-appconf==1.0.5 +django-contrib-comments==2.2.0 +django-cors-headers==3.10.1 +django-crispy-forms==1.13.0 +django-debug-toolbar==3.2.4 +django-jsonfield==1.4.1 +django-oauth-toolkit==2.1.0 +django-robots==4.0 +django-autocomplete-light==2.3.6 +django-haystack==3.1.1 +djangorestframework==3.13.1 +drf-haystack +drf-yasg==1.20.0 + + amqp==2.5.2 anyjson==0.3.3 arrow==0.7.0 autopep8==1.2.2 bagit==1.5.4 celery==4.4.0 -cffi==1.11.5 +cffi click==6.7 coreapi==2.3.3 -coverage==4.0.3 +coverage cycler==0.10.0 #defusedexpat==0.4 -defusedxml==0.4.1 -Django==1.11.29 -django-appconf==1.0.2 -django-autocomplete-light==2.3.3 -django-braces==1.9.0 -django-compressor==2.2 -django-contrib-comments==1.9.0 -django-cors-headers==2.4.0 -django-crispy-forms==1.7.2 -django-debug-toolbar==1.9.1 +defusedxml +Django==3.2.15 +# django-appconf==1.0.2 +# django-autocomplete-light==2.3.3 +# django-braces==1.9.0 +# django-compressor==2.2 +# django-contrib-comments==1.9.0 +# django-cors-headers==2.4.0 +# django-crispy-forms==1.7.2 +# django-debug-toolbar==1.9.1 django-freshly==0.1.2 -django-haystack==2.8.1 +# django-haystack==2.8.1 django-heartbeat==2.0.2 django-ipware==2.1.0 -django-jsonfield==1.0.1 +# django-jsonfield==1.0.1 django-modeltranslation==0.12.2 django-nose==1.4.5 -django-oauth-toolkit==1.1.0 -django-robots==2.0 -django-security==0.9.3 +# django-oauth-toolkit==1.1.0 +# django-robots==2.0 +# django-security==0.9.3 django-test-without-migrations==0.6 django-timedeltafield==0.7.10 django-widget-tweaks==1.4.1 -djangorestframework==3.11.0 +# djangorestframework==3.11.0 docker-py==1.7.2 dominate==2.4.0 DoubleMetaphone==0.1 -drf-haystack==1.8.5 -drf-yasg==1.17.1 +# drf-haystack==1.8.5 +# drf-yasg==1.17.1 ecdsa==0.13.3 -enum34==1.1.6 -filebrowser-safe==0.5.0 +filebrowser-safe flake8==3.5.0 flex==6.14.1 flower==0.9.3 @@ -50,8 +77,8 @@ funcsigs==1.0.2 future==0.16.0 geojson==1.3.2 geopy==1.16.0 -gevent==1.4.0 -grappelli-safe==0.5.1 +gevent +grappelli-safe gunicorn==19.6.0 html5lib==0.9999999 inflection==0.3.1 @@ -64,10 +91,10 @@ kombu==4.6.7 lxml==4.4.0 #mapnik==0.1 Markdown==3.0.1 -MarkupSafe==1.0 +MarkupSafe matplotlib==3.1.2 mccabe==0.6.1 -Mezzanine==4.3.1 +# Mezzanine==4.3.1 mock==1.3.0 nameparser==0.5.7 netCDF4==1.5.1.2 @@ -87,19 +114,19 @@ pycodestyle==2.3.1 PyCRS==1.0.1 pyflakes==1.6.0 pylint==1.5.5 -pyproj==1.9.5.1 +pyproj pysolr==3.4.0 pysqlite3==0.2.1 pytest-django>=3.4.7, <4.0.0 -python-crfsuite==0.9.6 -python-dateutil==2.5.3 +python-crfsuite +python-dateutil python-irodsclient==0.8.1 -pytz==2016.3 +pytz PyYAML==5.3 -rcssmin==1.0.6 -rdflib==4.0.1 +rcssmin +# rdflib==4.0.1 redis==2.10.5 -requests==2.20.0 +# requests==2.20.0 rfc3987==1.3.8 robot-detection==0.4 selenium==3.0.2 From 94ee6075d1b7ca46e7004596d0460ea45f848e21 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Wed, 7 Dec 2022 08:45:32 -0500 Subject: [PATCH 02/24] pin versions --- requirements.txt | 53 +++++++++++++----------------------------------- 1 file changed, 14 insertions(+), 39 deletions(-) diff --git a/requirements.txt b/requirements.txt index 702bc79..46155de 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ -# TODO: organize and tag deepdiff==1.7.0 pytest-cov==3.0.0 rdflib==5.0.0 @@ -22,63 +21,43 @@ django-robots==4.0 django-autocomplete-light==2.3.6 django-haystack==3.1.1 djangorestframework==3.13.1 -drf-haystack +drf-haystack==1.5.6 drf-yasg==1.20.0 - - -amqp==2.5.2 +amqp==2.6.1 anyjson==0.3.3 arrow==0.7.0 autopep8==1.2.2 bagit==1.5.4 -celery==4.4.0 -cffi +celery==4.4.7 +cffi==1.15.1 click==6.7 coreapi==2.3.3 -coverage +coverage==6.5.0 cycler==0.10.0 -#defusedexpat==0.4 -defusedxml +defusedxml==0.7.1 Django==3.2.15 -# django-appconf==1.0.2 -# django-autocomplete-light==2.3.3 -# django-braces==1.9.0 -# django-compressor==2.2 -# django-contrib-comments==1.9.0 -# django-cors-headers==2.4.0 -# django-crispy-forms==1.7.2 -# django-debug-toolbar==1.9.1 django-freshly==0.1.2 -# django-haystack==2.8.1 django-heartbeat==2.0.2 django-ipware==2.1.0 -# django-jsonfield==1.0.1 django-modeltranslation==0.12.2 django-nose==1.4.5 -# django-oauth-toolkit==1.1.0 -# django-robots==2.0 -# django-security==0.9.3 django-test-without-migrations==0.6 django-timedeltafield==0.7.10 django-widget-tweaks==1.4.1 -# djangorestframework==3.11.0 docker-py==1.7.2 dominate==2.4.0 DoubleMetaphone==0.1 -# drf-haystack==1.8.5 -# drf-yasg==1.17.1 ecdsa==0.13.3 -filebrowser-safe +filebrowser-safe==1.1.1 flake8==3.5.0 flex==6.14.1 flower==0.9.3 funcsigs==1.0.2 -#functools32==3.2.3.post2 future==0.16.0 geojson==1.3.2 geopy==1.16.0 -gevent -grappelli-safe +gevent==22.10.2 +grappelli-safe==1.1.1 gunicorn==19.6.0 html5lib==0.9999999 inflection==0.3.1 @@ -87,14 +66,12 @@ Jinja2==2.10.1 jsonpointer==1.14 jsonschema==2.6.0 keepalive==0.5 -kombu==4.6.7 +kombu==4.6.11 lxml==4.4.0 -#mapnik==0.1 Markdown==3.0.1 -MarkupSafe +MarkupSafe==2.1.1 matplotlib==3.1.2 mccabe==0.6.1 -# Mezzanine==4.3.1 mock==1.3.0 nameparser==0.5.7 netCDF4==1.5.1.2 @@ -114,19 +91,17 @@ pycodestyle==2.3.1 PyCRS==1.0.1 pyflakes==1.6.0 pylint==1.5.5 -pyproj +pyproj==3.4.0 pysolr==3.4.0 pysqlite3==0.2.1 pytest-django>=3.4.7, <4.0.0 python-crfsuite python-dateutil python-irodsclient==0.8.1 -pytz +pytz==2022.6 PyYAML==5.3 -rcssmin -# rdflib==4.0.1 +rcssmin==1.1.0 redis==2.10.5 -# requests==2.20.0 rfc3987==1.3.8 robot-detection==0.4 selenium==3.0.2 From d8325a583fb33b8cee4ffdb57661b03f88c112de Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Wed, 7 Dec 2022 16:24:04 -0500 Subject: [PATCH 03/24] bionic/buster instead of bullseye for irods 4.2.x --- Dockerfile | 6 +++--- docker.list | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 47708c7..624c9a4 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ -FROM python:3.9-bullseye +FROM python:3.9-buster ENV DEBIAN_FRONTEND noninteractive ENV PY_SAX_PARSER=hs_core.xmlparser -RUN printf "deb http://deb.debian.org/debian/ bullseye main\ndeb http://security.debian.org/debian-security bullseye-security main" > /etc/apt/sources.list +RUN printf "deb http://deb.debian.org/debian/ buster main\ndeb http://security.debian.org/debian-security buster/updates main" > /etc/apt/sources.list RUN apt-get update && apt-get install -y \ apt-transport-https \ @@ -91,7 +91,7 @@ WORKDIR / # Install iRODS RUN wget -qO - https://packages.irods.org/irods-signing-key.asc | sudo apt-key add - \ - && echo "deb [arch=amd64] https://packages.irods.org/apt/ bullseye main" | \ + && echo "deb [arch=amd64] https://packages.irods.org/apt/ bionic main" | \ sudo tee /etc/apt/sources.list.d/renci-irods.list \ && sudo apt-get update && sudo apt-get install -y \ apt-transport-https \ diff --git a/docker.list b/docker.list index 85d0823..87a1955 100644 --- a/docker.list +++ b/docker.list @@ -1 +1 @@ -deb https://download.docker.com/linux/debian bullseye stable +deb https://download.docker.com/linux/debian buster stable From d704bc557b9efaac869b63b1f7255b37812f9fb8 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Wed, 7 Dec 2022 16:44:27 -0500 Subject: [PATCH 04/24] gdal --- Dockerfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 624c9a4..962a460 100755 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,6 @@ RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ - gnupg \ lsb-release \ sudo @@ -41,7 +40,6 @@ RUN apt-get update && apt-get install -y --fix-missing --no-install-recommends \ gdal-bin \ build-essential \ libgdal-dev \ - gnupg2 \ postgresql-15 \ postgresql-client-15 \ git \ @@ -78,11 +76,11 @@ RUN pip install -r requirements.txt # foresite-toolkit in pip isn't compatible with python3 RUN pip install git+https://github.com/sblack-usu/foresite-toolkit.git#subdirectory=foresite-python/trunk -RUN wget https://ftp.osuosl.org/pub/osgeo/download/gdal/3.5.2/gdal-3.5.2.tar.gz \ - && tar -xzf gdal-3.5.2.tar.gz \ - && rm gdal-3.5.2.tar.gz +RUN wget https://ftp.osuosl.org/pub/osgeo/download/gdal/2.4.1/gdal-2.4.1.tar.gz \ + && tar -xzf gdal-2.4.1.tar.gz \ + && rm gdal-2.4.1.tar.gz -WORKDIR /gdal-3.5.2 +WORKDIR /gdal-2.4.1 RUN ./configure --with-python --with-geos=yes \ && make \ && sudo make install \ From 8d7ec0eab26bab6802469a5bafb40fb186038784 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Wed, 7 Dec 2022 19:30:16 -0500 Subject: [PATCH 05/24] pin irods 4.2.11 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 962a460..7e1c230 100755 --- a/Dockerfile +++ b/Dockerfile @@ -93,8 +93,8 @@ RUN wget -qO - https://packages.irods.org/irods-signing-key.asc | sudo apt-key a sudo tee /etc/apt/sources.list.d/renci-irods.list \ && sudo apt-get update && sudo apt-get install -y \ apt-transport-https \ - irods-runtime \ - irods-icommands + irods-runtime=4.2.11 \ + irods-icommands=4.2.11 # Install SSH for remote PyCharm debugging RUN mkdir /var/run/sshd From 881ba1a81e23cef92e177caaf7bb7eb000ad9873 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 8 Dec 2022 07:18:07 -0500 Subject: [PATCH 06/24] libssl --- Dockerfile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7e1c230..3b9a53e 100755 --- a/Dockerfile +++ b/Dockerfile @@ -87,15 +87,21 @@ RUN ./configure --with-python --with-geos=yes \ && sudo ldconfig WORKDIR / +# TODO: iROds 4.2.x is holding us to Debian Buster which is EOL. It also requires libssl1.0.0 which is obsolete +# we should upgrade to iRods 4.3, Debian Bullseye, etc but this will require at a minimum, changes to our iinit use in HS +RUN wget http://snapshot.debian.org/archive/debian/20190501T215844Z/pool/main/g/glibc/multiarch-support_2.28-10_amd64.deb +RUN sudo dpkg -i multiarch-support*.deb +RUN wget http://snapshot.debian.org/archive/debian/20170705T160707Z/pool/main/o/openssl/libssl1.0.0_1.0.2l-1%7Ebpo8%2B1_amd64.deb +RUN sudo dpkg -i libssl1.0.0*.deb + # Install iRODS RUN wget -qO - https://packages.irods.org/irods-signing-key.asc | sudo apt-key add - \ && echo "deb [arch=amd64] https://packages.irods.org/apt/ bionic main" | \ sudo tee /etc/apt/sources.list.d/renci-irods.list \ && sudo apt-get update && sudo apt-get install -y \ apt-transport-https \ - irods-runtime=4.2.11 \ - irods-icommands=4.2.11 - + irods-runtime=4.2.10 \ + irods-icommands=4.2.10 # Install SSH for remote PyCharm debugging RUN mkdir /var/run/sshd RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config From 16ea55183b84c4bd0a8c47dfe5fe5a5ae666391b Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 8 Dec 2022 08:24:00 -0500 Subject: [PATCH 07/24] cache requirements.txt install --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3b9a53e..321362c 100755 --- a/Dockerfile +++ b/Dockerfile @@ -68,9 +68,7 @@ RUN export GEOS_CONFIG=/usr/bin/geos-config RUN HDF5_INCDIR=/usr/include/hdf5/serial RUN pip install --upgrade pip RUN pip install 'setuptools<58.0.0' -# Add docker.list and requirements.txt - using /tmp to keep hub.docker happy -COPY . /tmp -RUN cp /tmp/requirements.txt /requirements.txt +COPY ./requirements.txt /requirements.txt RUN pip install -r requirements.txt # foresite-toolkit in pip isn't compatible with python3 From f3035dd7302e94313b6095b0cfd45539a7a626ec Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 8 Dec 2022 14:35:59 -0500 Subject: [PATCH 08/24] haystack and djangorestframework --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 46155de..490a5d6 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,8 +20,8 @@ django-oauth-toolkit==2.1.0 django-robots==4.0 django-autocomplete-light==2.3.6 django-haystack==3.1.1 -djangorestframework==3.13.1 -drf-haystack==1.5.6 +djangorestframework==3.12.4 +drf-haystack==1.8.11 drf-yasg==1.20.0 amqp==2.6.1 anyjson==0.3.3 From 45403965a113e67ee7d25cb7949a95b5bacaade9 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 8 Dec 2022 16:56:42 -0500 Subject: [PATCH 09/24] pip installs late --- Dockerfile | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index 321362c..7bd9cc9 100755 --- a/Dockerfile +++ b/Dockerfile @@ -53,26 +53,10 @@ RUN npm install -g phantomjs-prebuilt WORKDIR / -#install numpy before matplotlib -RUN pip install 'numpy==1.16.*' - -# Removed defusedexpat (python 3.9) -# Added defusedxml -# https://docs.python.org/3.9/library/xml.html?highlight=xml#the-defusedxml-package -# https://github.com/python/cpython/issues/82766 - -# Install pip based packages (due to dependencies some packages need to come first) RUN export CPLUS_INCLUDE_PATH=/usr/include/gdal RUN export C_INCLUDE_PATH=/usr/include/gdal RUN export GEOS_CONFIG=/usr/bin/geos-config RUN HDF5_INCDIR=/usr/include/hdf5/serial -RUN pip install --upgrade pip -RUN pip install 'setuptools<58.0.0' -COPY ./requirements.txt /requirements.txt -RUN pip install -r requirements.txt - -# foresite-toolkit in pip isn't compatible with python3 -RUN pip install git+https://github.com/sblack-usu/foresite-toolkit.git#subdirectory=foresite-python/trunk RUN wget https://ftp.osuosl.org/pub/osgeo/download/gdal/2.4.1/gdal-2.4.1.tar.gz \ && tar -xzf gdal-2.4.1.tar.gz \ @@ -100,6 +84,23 @@ RUN wget -qO - https://packages.irods.org/irods-signing-key.asc | sudo apt-key a apt-transport-https \ irods-runtime=4.2.10 \ irods-icommands=4.2.10 + +# Install pip based packages (due to dependencies some packages need to come first) +#install numpy before matplotlib +RUN pip install 'numpy==1.16.*' + +# Removed defusedexpat (python 3.9) +# Added defusedxml +# https://docs.python.org/3.9/library/xml.html?highlight=xml#the-defusedxml-package +# https://github.com/python/cpython/issues/82766 +RUN pip install --upgrade pip +RUN pip install 'setuptools<58.0.0' +COPY ./requirements.txt /requirements.txt +RUN pip install -r requirements.txt + +# foresite-toolkit in pip isn't compatible with python3 +RUN pip install git+https://github.com/sblack-usu/foresite-toolkit.git#subdirectory=foresite-python/trunk + # Install SSH for remote PyCharm debugging RUN mkdir /var/run/sshd RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config From 78dab6092671e5219378d17e6b042bd1feba4243 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 8 Dec 2022 16:56:53 -0500 Subject: [PATCH 10/24] markupsafe --- Dockerfile | 4 ++-- requirements.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7bd9cc9..a2facf7 100755 --- a/Dockerfile +++ b/Dockerfile @@ -57,6 +57,8 @@ RUN export CPLUS_INCLUDE_PATH=/usr/include/gdal RUN export C_INCLUDE_PATH=/usr/include/gdal RUN export GEOS_CONFIG=/usr/bin/geos-config RUN HDF5_INCDIR=/usr/include/hdf5/serial +RUN pip install --upgrade pip +RUN pip install 'setuptools<58.0.0' RUN wget https://ftp.osuosl.org/pub/osgeo/download/gdal/2.4.1/gdal-2.4.1.tar.gz \ && tar -xzf gdal-2.4.1.tar.gz \ @@ -93,8 +95,6 @@ RUN pip install 'numpy==1.16.*' # Added defusedxml # https://docs.python.org/3.9/library/xml.html?highlight=xml#the-defusedxml-package # https://github.com/python/cpython/issues/82766 -RUN pip install --upgrade pip -RUN pip install 'setuptools<58.0.0' COPY ./requirements.txt /requirements.txt RUN pip install -r requirements.txt diff --git a/requirements.txt b/requirements.txt index 490a5d6..bab684a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ keepalive==0.5 kombu==4.6.11 lxml==4.4.0 Markdown==3.0.1 -MarkupSafe==2.1.1 +MarkupSafe==2.0.1 matplotlib==3.1.2 mccabe==0.6.1 mock==1.3.0 From f8f1886ea3aae8fd30f9848e84231e5ba5983258 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Fri, 9 Dec 2022 10:02:04 -0500 Subject: [PATCH 11/24] include only high level deps --- requirements.txt | 94 ++++++++++++++---------------------------------- 1 file changed, 27 insertions(+), 67 deletions(-) diff --git a/requirements.txt b/requirements.txt index bab684a..8d1b375 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,112 +1,72 @@ +anyjson==0.3.3 +arrow==0.7.0 +autopep8==1.2.2 +bagit==1.5.4 deepdiff==1.7.0 -pytest-cov==3.0.0 -rdflib==5.0.0 -git+https://github.com/hydroshare/hsmodels.git@0.5.3#egg=hsmodels -six==1.16.0 -sorl-thumbnail==12.8.0 -Django==3.2.15 -Mezzanine==5.1.4 -requests==2.27.1 -django-security==0.12.0 +defusedxml==0.7.1 +django-autocomplete-light==2.3.6 django-braces==1.15.0 django-compressor==4.1 -django-appconf==1.0.5 -django-contrib-comments==2.2.0 django-cors-headers==3.10.1 django-crispy-forms==1.13.0 django-debug-toolbar==3.2.4 -django-jsonfield==1.4.1 -django-oauth-toolkit==2.1.0 -django-robots==4.0 -django-autocomplete-light==2.3.6 -django-haystack==3.1.1 -djangorestframework==3.12.4 -drf-haystack==1.8.11 -drf-yasg==1.20.0 -amqp==2.6.1 -anyjson==0.3.3 -arrow==0.7.0 -autopep8==1.2.2 -bagit==1.5.4 -celery==4.4.7 -cffi==1.15.1 -click==6.7 -coreapi==2.3.3 -coverage==6.5.0 -cycler==0.10.0 -defusedxml==0.7.1 -Django==3.2.15 django-freshly==0.1.2 django-heartbeat==2.0.2 django-ipware==2.1.0 +django-jsonfield==1.4.1 django-modeltranslation==0.12.2 django-nose==1.4.5 +django-oauth-toolkit==2.1.0 +django-robots==4.0 +django-security==0.12.0 django-test-without-migrations==0.6 django-timedeltafield==0.7.10 django-widget-tweaks==1.4.1 docker-py==1.7.2 dominate==2.4.0 -DoubleMetaphone==0.1 +drf-haystack==1.8.11 +drf-yasg==1.20.0 ecdsa==0.13.3 -filebrowser-safe==1.1.1 -flake8==3.5.0 +flake8-rst-docstrings==0.3.0 flex==6.14.1 flower==0.9.3 +foresite @ git+https://github.com/sblack-usu/foresite-toolkit.git@94c0c2a8e21a922caa1df6cc412d5dc1a7adb189#subdirectory=foresite-python/trunk funcsigs==1.0.2 -future==0.16.0 +GDAL==2.4.1 geojson==1.3.2 geopy==1.16.0 gevent==22.10.2 -grappelli-safe==1.1.1 gunicorn==19.6.0 +hsmodels @ git+https://github.com/hydroshare/hsmodels.git@3197b512d2764e2a4772596fe6c288331e53223e html5lib==0.9999999 -inflection==0.3.1 -isodate==0.5.4 -Jinja2==2.10.1 -jsonpointer==1.14 +ipaddress==1.0.22 jsonschema==2.6.0 keepalive==0.5 -kombu==4.6.11 -lxml==4.4.0 Markdown==3.0.1 -MarkupSafe==2.0.1 matplotlib==3.1.2 -mccabe==0.6.1 +Mezzanine==5.1.4 mock==1.3.0 nameparser==0.5.7 -netCDF4==1.5.1.2 -nose==1.3.7 -nose-timer>=0.7.4,<1.0.0 -oauthlib==3.1.0 +netCDF4==1.5.1.2 +nose-timer==0.7.6 OWSLib==0.10.3 paramiko==2.4.2 -pbr==1.10.0 -pep8==1.7.0 -prettytable==0.7.2 +pip==22.3.1 +pipdeptree==2.3.3 probablepeople==0.5.4 psycopg2==2.8.2 -ipaddress==1.0.22 -pyasn1==0.4.4 -pycodestyle==2.3.1 PyCRS==1.0.1 -pyflakes==1.6.0 pylint==1.5.5 -pyproj==3.4.0 pysolr==3.4.0 -pysqlite3==0.2.1 -pytest-django>=3.4.7, <4.0.0 -python-crfsuite -python-dateutil -python-irodsclient==0.8.1 -pytz==2022.6 -PyYAML==5.3 -rcssmin==1.1.0 +pytest-cov==3.0.0 +pytest-django==3.10.0 +python-irodsclient==0.8.1 redis==2.10.5 -rfc3987==1.3.8 robot-detection==0.4 selenium==3.0.2 +sorl-thumbnail==12.8.0 suds-jurko==0.6 timeago==1.0.10 -uritemplate==3.0.0 virtualenv==15.0.2 +wheel==0.38.4 xmltodict==0.10.2 From abb1b69a5aa981bef37933c160afe5a722261b8b Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Fri, 9 Dec 2022 10:30:00 -0500 Subject: [PATCH 12/24] flake8 --- requirements.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index 8d1b375..e37de26 100644 --- a/requirements.txt +++ b/requirements.txt @@ -27,7 +27,7 @@ dominate==2.4.0 drf-haystack==1.8.11 drf-yasg==1.20.0 ecdsa==0.13.3 -flake8-rst-docstrings==0.3.0 +flake8==6.0.0 flex==6.14.1 flower==0.9.3 foresite @ git+https://github.com/sblack-usu/foresite-toolkit.git@94c0c2a8e21a922caa1df6cc412d5dc1a7adb189#subdirectory=foresite-python/trunk @@ -52,7 +52,6 @@ nose-timer==0.7.6 OWSLib==0.10.3 paramiko==2.4.2 pip==22.3.1 -pipdeptree==2.3.3 probablepeople==0.5.4 psycopg2==2.8.2 PyCRS==1.0.1 @@ -69,4 +68,4 @@ suds-jurko==0.6 timeago==1.0.10 virtualenv==15.0.2 wheel==0.38.4 -xmltodict==0.10.2 +xmltodict==0.10.2 \ No newline at end of file From 0ade57d5fcc62554ebf0d9c098432d30876bdbc2 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Fri, 9 Dec 2022 11:33:49 -0500 Subject: [PATCH 13/24] pipdeptree --- Dockerfile | 11 +- requirements-tree.txt | 333 ++++++++++++++++++++++++++++++++++++++++++ requirements.txt | 141 +++++++++++++----- 3 files changed, 439 insertions(+), 46 deletions(-) create mode 100644 requirements-tree.txt diff --git a/Dockerfile b/Dockerfile index a2facf7..c607d9c 100755 --- a/Dockerfile +++ b/Dockerfile @@ -87,20 +87,15 @@ RUN wget -qO - https://packages.irods.org/irods-signing-key.asc | sudo apt-key a irods-runtime=4.2.10 \ irods-icommands=4.2.10 -# Install pip based packages (due to dependencies some packages need to come first) -#install numpy before matplotlib -RUN pip install 'numpy==1.16.*' - -# Removed defusedexpat (python 3.9) +# Removed defusedexpat (as part of upgrade to python 3.9) # Added defusedxml # https://docs.python.org/3.9/library/xml.html?highlight=xml#the-defusedxml-package # https://github.com/python/cpython/issues/82766 + +# Install pip based packages (due to dependencies some packages need to come first) COPY ./requirements.txt /requirements.txt RUN pip install -r requirements.txt -# foresite-toolkit in pip isn't compatible with python3 -RUN pip install git+https://github.com/sblack-usu/foresite-toolkit.git#subdirectory=foresite-python/trunk - # Install SSH for remote PyCharm debugging RUN mkdir /var/run/sshd RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config diff --git a/requirements-tree.txt b/requirements-tree.txt new file mode 100644 index 0000000..a0e654f --- /dev/null +++ b/requirements-tree.txt @@ -0,0 +1,333 @@ +# generated using pipdeptree==2.3.3 +# pipdeptree -f | tee requirements-tree.txt +# you can use this with pip install -r requirements-tree directly, but it does contain duplicates +anyjson==0.3.3 +arrow==0.7.0 + python-dateutil==2.8.0 + six==1.16.0 +autopep8==1.2.2 + pep8==1.7.0 +bagit==1.5.4 +deepdiff==1.7.0 +defusedxml==0.7.1 +django-autocomplete-light==2.3.6 + six==1.16.0 +django-braces==1.15.0 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 +django-compressor==4.1 + django-appconf==1.0.5 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + rcssmin==1.1.0 + rjsmin==1.2.0 +django-cors-headers==3.10.1 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 +django-crispy-forms==1.13.0 +django-debug-toolbar==3.2.4 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + sqlparse==0.4.3 +django-freshly==0.1.2 +django-heartbeat==2.0.2 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + psutil==4.0.0 +django-ipware==2.1.0 +django-jsonfield==1.4.1 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + six==1.16.0 +django-modeltranslation==0.12.2 +django-nose==1.4.5 + nose==1.3.7 +django-oauth-toolkit==2.1.0 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + jwcrypto==1.4.2 + cryptography==38.0.4 + cffi==1.15.1 + pycparser==2.21 + Deprecated==1.2.13 + wrapt==1.14.1 + oauthlib==3.1.0 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 +django-robots==4.0 +django-security==0.12.0 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + python-dateutil==2.8.0 + six==1.16.0 + ua-parser==0.16.1 +django-test-without-migrations==0.6 +django-timedeltafield==0.7.10 +django-widget-tweaks==1.4.1 +docker-py==1.7.2 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 + six==1.16.0 + websocket-client==1.4.2 +dominate==2.4.0 +drf-haystack==1.8.11 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + django-haystack==3.1.1 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + djangorestframework==3.12.4 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + python-dateutil==2.8.0 + six==1.16.0 +drf-yasg==1.20.0 + coreapi==2.3.3 + coreschema==0.0.4 + Jinja2==2.10.1 + MarkupSafe==2.0.1 + itypes==1.2.0 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 + uritemplate==3.0.0 + coreschema==0.0.4 + Jinja2==2.10.1 + MarkupSafe==2.0.1 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + djangorestframework==3.12.4 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + inflection==0.3.1 + packaging==22.0 + ruamel.yaml==0.17.21 + ruamel.yaml.clib==0.2.7 + uritemplate==3.0.0 +ecdsa==0.13.3 +flake8==6.0.0 + mccabe==0.7.0 + pycodestyle==2.10.0 + pyflakes==3.0.1 +flex==6.14.1 + click==6.7 + jsonpointer==1.14 + PyYAML==5.3 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 + rfc3987==1.3.8 + six==1.16.0 + strict-rfc3339==0.7 + validate-email==1.3 +flower==0.9.3 + Babel==2.11.0 + pytz==2022.6 + celery==4.4.7 + billiard==3.6.4.0 + kombu==4.6.11 + amqp==2.6.1 + vine==1.3.0 + pytz==2022.6 + vine==1.3.0 + pytz==2022.6 + tornado==5.1.1 +foresite @ git+https://github.com/sblack-usu/foresite-toolkit.git@94c0c2a8e21a922caa1df6cc412d5dc1a7adb189#subdirectory=foresite-python/trunk + lxml==4.4.0 + rdflib==5.0.0 + isodate==0.5.4 + pyparsing==3.0.9 + six==1.16.0 +funcsigs==1.0.2 +GDAL==2.4.1 +geojson==1.3.2 + setuptools==57.5.0 +geopy==1.16.0 + geographiclib==1.52 +gevent==22.10.2 + greenlet==2.0.1 + setuptools==57.5.0 + zope.event==4.5.0 + setuptools==57.5.0 + zope.interface==5.5.2 + setuptools==57.5.0 +gunicorn==19.6.0 +hsmodels @ git+https://github.com/hydroshare/hsmodels.git@3197b512d2764e2a4772596fe6c288331e53223e + email-validator==1.3.0 + dnspython==2.2.1 + idna==3.4 + pydantic==1.10.2 + typing_extensions==4.4.0 + rdflib==5.0.0 + isodate==0.5.4 + pyparsing==3.0.9 + six==1.16.0 +html5lib==0.9999999 + six==1.16.0 +ipaddress==1.0.22 +jsonschema==2.6.0 +keepalive==0.5 +Markdown==3.0.1 +matplotlib==3.1.2 + cycler==0.10.0 + six==1.16.0 + kiwisolver==1.4.4 + numpy==1.16.6 + pyparsing==3.0.9 + python-dateutil==2.8.0 + six==1.16.0 +Mezzanine==5.1.4 + beautifulsoup4==4.11.1 + soupsieve==2.3.2.post1 + bleach==4.1.0 + packaging==22.0 + six==1.16.0 + webencodings==0.5.1 + chardet==5.1.0 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + django-contrib-comments==2.2.0 + Django==3.2.15 + asgiref==3.5.2 + pytz==2022.6 + sqlparse==0.4.3 + filebrowser-safe==1.1.1 + grappelli-safe==1.1.1 + Pillow==9.3.0 + pytz==2022.6 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 + requests-oauthlib==1.3.1 + oauthlib==3.1.0 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 + tzlocal==4.2 + pytz-deprecation-shim==0.1.0.post0 + tzdata==2022.7 +mock==1.3.0 + pbr==1.10.0 + six==1.16.0 +nameparser==0.5.7 +netCDF4==1.5.1.2 + cftime==1.6.2 + numpy==1.16.6 + numpy==1.16.6 +nose-timer==0.7.6 + nose==1.3.7 +OWSLib==0.10.3 + pyproj==3.4.0 + certifi==2022.12.7 + python-dateutil==2.8.0 + six==1.16.0 + pytz==2022.6 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 +paramiko==2.12.0 + bcrypt==4.0.1 + cryptography==38.0.4 + cffi==1.15.1 + pycparser==2.21 + PyNaCl==1.5.0 + cffi==1.15.1 + pycparser==2.21 + six==1.16.0 +pip==22.3.1 +probablepeople==0.5.4 + DoubleMetaphone==0.1 + future==0.16.0 + probableparsing==0.0.1 + python-crfsuite==0.9.8 +psycopg2==2.8.2 +pyasn1==0.4.4 +PyCRS==1.0.1 +pylint==1.5.5 + astroid==1.4.9 + lazy-object-proxy==1.8.0 + six==1.16.0 + wrapt==1.14.1 + colorama==0.4.6 + six==1.16.0 +pysolr==3.4.0 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 +pytest-cov==3.0.0 + coverage==6.5.0 + pytest==7.2.0 + attrs==22.1.0 + exceptiongroup==1.0.4 + iniconfig==1.1.1 + packaging==22.0 + pluggy==1.0.0 + tomli==2.0.1 +pytest-django==3.10.0 + pytest==7.2.0 + attrs==22.1.0 + exceptiongroup==1.0.4 + iniconfig==1.1.1 + packaging==22.0 + pluggy==1.0.0 + tomli==2.0.1 +python-irodsclient==0.8.1 + prettytable==0.7.2 + six==1.16.0 + xmlrunner==1.7.7 +redis==2.10.5 +robot-detection==0.4 + six==1.16.0 +selenium==3.0.2 +sorl-thumbnail==12.8.0 +suds-jurko==0.6 +timeago==1.0.10 +virtualenv==15.0.2 +wheel==0.38.4 +xmltodict==0.10.2 diff --git a/requirements.txt b/requirements.txt index bab684a..2ce7cf7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,112 +1,177 @@ -deepdiff==1.7.0 -pytest-cov==3.0.0 -rdflib==5.0.0 -git+https://github.com/hydroshare/hsmodels.git@0.5.3#egg=hsmodels -six==1.16.0 -sorl-thumbnail==12.8.0 -Django==3.2.15 -Mezzanine==5.1.4 -requests==2.27.1 -django-security==0.12.0 -django-braces==1.15.0 -django-compressor==4.1 -django-appconf==1.0.5 -django-contrib-comments==2.2.0 -django-cors-headers==3.10.1 -django-crispy-forms==1.13.0 -django-debug-toolbar==3.2.4 -django-jsonfield==1.4.1 -django-oauth-toolkit==2.1.0 -django-robots==4.0 -django-autocomplete-light==2.3.6 -django-haystack==3.1.1 -djangorestframework==3.12.4 -drf-haystack==1.8.11 -drf-yasg==1.20.0 amqp==2.6.1 anyjson==0.3.3 arrow==0.7.0 +asgiref==3.5.2 +astroid==1.4.9 +attrs==22.1.0 autopep8==1.2.2 +Babel==2.11.0 bagit==1.5.4 +bcrypt==4.0.1 +beautifulsoup4==4.11.1 +billiard==3.6.4.0 +bleach==4.1.0 celery==4.4.7 +certifi==2022.12.7 cffi==1.15.1 +cftime==1.6.2 +chardet==5.1.0 +charset-normalizer==2.0.12 click==6.7 +colorama==0.4.6 coreapi==2.3.3 +coreschema==0.0.4 coverage==6.5.0 +cryptography==38.0.4 cycler==0.10.0 +deepdiff==1.7.0 defusedxml==0.7.1 +Deprecated==1.2.13 Django==3.2.15 +django-appconf==1.0.5 +django-autocomplete-light==2.3.6 +django-braces==1.15.0 +django-compressor==4.1 +django-contrib-comments==2.2.0 +django-cors-headers==3.10.1 +django-crispy-forms==1.13.0 +django-debug-toolbar==3.2.4 django-freshly==0.1.2 +django-haystack==3.1.1 django-heartbeat==2.0.2 django-ipware==2.1.0 +django-jsonfield==1.4.1 django-modeltranslation==0.12.2 django-nose==1.4.5 +django-oauth-toolkit==2.1.0 +djangorestframework==3.12.4 +django-robots==4.0 +django-security==0.12.0 django-test-without-migrations==0.6 django-timedeltafield==0.7.10 django-widget-tweaks==1.4.1 +dnspython==2.2.1 docker-py==1.7.2 dominate==2.4.0 DoubleMetaphone==0.1 +drf-haystack==1.8.11 +drf-yasg==1.20.0 ecdsa==0.13.3 +email-validator==1.3.0 +exceptiongroup==1.0.4 filebrowser-safe==1.1.1 -flake8==3.5.0 +flake8==6.0.0 flex==6.14.1 flower==0.9.3 +foresite@git+https://github.com/sblack-usu/foresite-toolkit.git@94c0c2a8e21a922caa1df6cc412d5dc1a7adb189#subdirectory=foresite-python/trunk funcsigs==1.0.2 future==0.16.0 +GDAL==2.4.1 +geographiclib==1.52 geojson==1.3.2 geopy==1.16.0 gevent==22.10.2 grappelli-safe==1.1.1 +greenlet==2.0.1 gunicorn==19.6.0 +hsmodels@git+https://github.com/hydroshare/hsmodels.git@3197b512d2764e2a4772596fe6c288331e53223e html5lib==0.9999999 +idna==3.4 inflection==0.3.1 +iniconfig==1.1.1 +ipaddress==1.0.22 isodate==0.5.4 +itypes==1.2.0 Jinja2==2.10.1 jsonpointer==1.14 jsonschema==2.6.0 +jwcrypto==1.4.2 keepalive==0.5 +kiwisolver==1.4.4 kombu==4.6.11 +lazy-object-proxy==1.8.0 lxml==4.4.0 Markdown==3.0.1 MarkupSafe==2.0.1 matplotlib==3.1.2 -mccabe==0.6.1 +mccabe==0.7.0 +Mezzanine==5.1.4 mock==1.3.0 nameparser==0.5.7 -netCDF4==1.5.1.2 +netCDF4==1.5.1.2 nose==1.3.7 -nose-timer>=0.7.4,<1.0.0 +nose-timer==0.7.6 +numpy==1.16.6 oauthlib==3.1.0 OWSLib==0.10.3 -paramiko==2.4.2 +packaging==22.0 +paramiko==2.12.0 pbr==1.10.0 pep8==1.7.0 +Pillow==9.3.0 +pip==22.3.1 +pipdeptree==2.3.3 +pluggy==1.0.0 prettytable==0.7.2 +probableparsing==0.0.1 probablepeople==0.5.4 +psutil==4.0.0 psycopg2==2.8.2 -ipaddress==1.0.22 pyasn1==0.4.4 -pycodestyle==2.3.1 +pycodestyle==2.10.0 +pycparser==2.21 PyCRS==1.0.1 -pyflakes==1.6.0 +pydantic==1.10.2 +pyflakes==3.0.1 pylint==1.5.5 +PyNaCl==1.5.0 +pyparsing==3.0.9 pyproj==3.4.0 pysolr==3.4.0 -pysqlite3==0.2.1 -pytest-django>=3.4.7, <4.0.0 -python-crfsuite -python-dateutil -python-irodsclient==0.8.1 +pytest==7.2.0 +pytest-cov==3.0.0 +pytest-django==3.10.0 +python-crfsuite==0.9.8 +python-dateutil==2.8.0 +python-irodsclient==0.8.1 pytz==2022.6 +pytz-deprecation-shim==0.1.0.post0 PyYAML==5.3 rcssmin==1.1.0 +rdflib==5.0.0 redis==2.10.5 +requests==2.27.1 +requests-oauthlib==1.3.1 rfc3987==1.3.8 +rjsmin==1.2.0 robot-detection==0.4 +ruamel.yaml==0.17.21 +ruamel.yaml.clib==0.2.7 selenium==3.0.2 +setuptools==57.5.0 +six==1.16.0 +sorl-thumbnail==12.8.0 +soupsieve==2.3.2.post1 +sqlparse==0.4.3 +strict-rfc3339==0.7 suds-jurko==0.6 timeago==1.0.10 +tomli==2.0.1 +tornado==5.1.1 +typing_extensions==4.4.0 +tzdata==2022.7 +tzlocal==4.2 +ua-parser==0.16.1 uritemplate==3.0.0 +urllib3==1.26.13 +validate-email==1.3 +vine==1.3.0 virtualenv==15.0.2 +webencodings==0.5.1 +websocket-client==1.4.2 +wheel==0.38.4 +wrapt==1.14.1 +xmlrunner==1.7.7 xmltodict==0.10.2 +zope.event==4.5.0 +zope.interface==5.5.2 From 6d5273707fde4c5bd4f3faf24212f49f488b6db5 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Fri, 9 Dec 2022 11:45:06 -0500 Subject: [PATCH 14/24] add pydebug, safety report --- requirements.txt | 3 + safety.txt | 280 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 283 insertions(+) create mode 100644 safety.txt diff --git a/requirements.txt b/requirements.txt index 2ce7cf7..44ab30b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,5 @@ +# generated using pipdeptree https://github.com/tox-dev/pipdeptree +# pipdeptree -f | sed 's/ //g' | sort -u > requirements.txt amqp==2.6.1 anyjson==0.3.3 arrow==0.7.0 @@ -122,6 +124,7 @@ pycodestyle==2.10.0 pycparser==2.21 PyCRS==1.0.1 pydantic==1.10.2 +pydebug==1.0.3 pyflakes==3.0.1 pylint==1.5.5 PyNaCl==1.5.0 diff --git a/safety.txt b/safety.txt new file mode 100644 index 0000000..0924b1e --- /dev/null +++ b/safety.txt @@ -0,0 +1,280 @@ ++==============================================================================+ + + /$$$$$$ /$$ + /$$__ $$ | $$ + /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ + /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ + | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ + \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ + /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ + |_______/ \_______/|__/ \_______/ \___/ \____ $$ + /$$ | $$ + | $$$$$$/ + by pyup.io \______/ + ++==============================================================================+ + + REPORT + + You are using Safety's free vulnerability database. This data is +outdated, limited, and + licensed for non-commercial use only. + All commercial projects must sign up and get an API key at +https://pyup.io + + Safety v2.3.5 is scanning for Vulnerabilities... + Scanning dependencies in your environment: + + -> /usr/local/lib/python3.9/site-packages + + Using non-commercial database + Found and scanned 180 packages + Timestamp 2022-12-09 16:43:12 + 25 vulnerabilities found + 0 vulnerabilities ignored + ++==============================================================================+ + VULNERABILITIES FOUND ++==============================================================================+ + +-> Vulnerability found in rdflib version 5.0.0 + Vulnerability ID: 48547 + Affected spec: >0 + ADVISORY: Rdflib provides no way to control how external references + are resolved, nor a way to implement caching of external resources. This... + PVE-2022-48547 + For more information, please visit https://pyup.io/v/48547/f17 + + +-> Vulnerability found in pyyaml version 5.3 + Vulnerability ID: 39611 + Affected spec: <5.4 + ADVISORY: Pyyaml version 5.4 includes a fix for CVE-2020-14343: A + vulnerability was discovered in the PyYAML library in versions before 5.4,... + CVE-2020-14343 + For more information, please visit https://pyup.io/v/39611/f17 + + +-> Vulnerability found in pyyaml version 5.3 + Vulnerability ID: 38100 + Affected spec: <5.3.1 + ADVISORY: Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A + vulnerability was discovered in the PyYAML library in versions before... + CVE-2020-1747 + For more information, please visit https://pyup.io/v/38100/f17 + + +-> Vulnerability found in pylint version 1.5.5 + Vulnerability ID: 45185 + Affected spec: <2.13.0 + ADVISORY: Pylint 2.13.0 fixes a crash when using the doc_params + extension.https://github.com/PyCQA/pylint/issues/5322 + PVE-2022-45185 + For more information, please visit https://pyup.io/v/45185/f17 + + +-> Vulnerability found in pylint version 1.5.5 + Vulnerability ID: 38224 + Affected spec: <2.5.0 + ADVISORY: Pylint 2.5.0 no longer allows ``python -m pylint ...`` to + import user code. Previously, it added the current working directory as... + PVE-2021-38224 + For more information, please visit https://pyup.io/v/38224/f17 + + +-> Vulnerability found in pylint version 1.5.5 + Vulnerability ID: 39621 + Affected spec: <2.7.0 + ADVISORY: Pylint 2.7.0 includes a fix for vulnerable regular + expressions in 'pyreverse'. + PVE-2021-39621 + For more information, please visit https://pyup.io/v/39621/f17 + + +-> Vulnerability found in psutil version 4.0.0 + Vulnerability ID: 37765 + Affected spec: <=5.6.5 + ADVISORY: psutil (aka python-psutil) through 5.6.5 can have a double + free. This occurs because of refcount mishandling within a while or for... + CVE-2019-18874 + For more information, please visit https://pyup.io/v/37765/f17 + + +-> Vulnerability found in numpy version 1.16.6 + Vulnerability ID: 43453 + Affected spec: <1.21.0rc1 + ADVISORY: Numpy 1.21.0rc1 includes a fix for CVE-2021-33430: A Buffer + Overflow vulnerability in the PyArray_NewFromDescr_int function of ctors.c... + CVE-2021-33430 + For more information, please visit https://pyup.io/v/43453/f17 + + +-> Vulnerability found in numpy version 1.16.6 + Vulnerability ID: 44717 + Affected spec: <1.22.0 + ADVISORY: Numpy 1.22.0 includes a fix for CVE-2021-34141: An + incomplete string comparison in the numpy.core component in NumPy before... + CVE-2021-34141 + For more information, please visit https://pyup.io/v/44717/f17 + + +-> Vulnerability found in numpy version 1.16.6 + Vulnerability ID: 44716 + Affected spec: <1.22.0 + ADVISORY: Numpy 1.22.0 includes a fix for CVE-2021-41496: Buffer + overflow in the array_from_pyobj function of fortranobject.c, which allows... + CVE-2021-41496 + For more information, please visit https://pyup.io/v/44716/f17 + + +-> Vulnerability found in numpy version 1.16.6 + Vulnerability ID: 44715 + Affected spec: <1.22.2 + ADVISORY: Numpy 1.22.2 includes a fix for CVE-2021-41495: Null + Pointer Dereference vulnerability exists in numpy.sort in NumPy in the... + CVE-2021-41495 + For more information, please visit https://pyup.io/v/44715/f17 + + +-> Vulnerability found in lxml version 4.4.0 + Vulnerability ID: 43366 + Affected spec: <4.6.5 + ADVISORY: Lxml 4.6.5 includes a fix for CVE-2021-43818: Prior to + version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script... + CVE-2021-43818 + For more information, please visit https://pyup.io/v/43366/f17 + + +-> Vulnerability found in lxml version 4.4.0 + Vulnerability ID: 40072 + Affected spec: <4.6.3 + ADVISORY: Lxml version 4.6.3 includes a fix for CVE-2021-28957: An + XSS vulnerability was discovered in python-lxml's clean module versions... + CVE-2021-28957 + For more information, please visit https://pyup.io/v/40072/f17 + + +-> Vulnerability found in lxml version 4.4.0 + Vulnerability ID: 39194 + Affected spec: <4.6.2 + ADVISORY: Lxml 4.6.2 includes a fix for CVE-2020-27783: A XSS + vulnerability was discovered in python-lxml's clean module. The module's... + CVE-2020-27783 + For more information, please visit https://pyup.io/v/39194/f17 + + +-> Vulnerability found in lxml version 4.4.0 + Vulnerability ID: 50748 + Affected spec: <4.9.1 + ADVISORY: Lxml 4.9.1 includes a fix for CVE-2022-2309: NULL Pointer + Dereference allows attackers to cause a denial of service (or application... + CVE-2022-2309 + For more information, please visit https://pyup.io/v/50748/f17 + + +-> Vulnerability found in jinja2 version 2.10.1 + Vulnerability ID: 39525 + Affected spec: <2.11.3 + ADVISORY: This affects the package jinja2 from 0.0.0 and before + 2.11.3. The ReDoS vulnerability is mainly due to the '_punctuation_re... + CVE-2020-28493 + For more information, please visit https://pyup.io/v/39525/f17 + + +-> Vulnerability found in html5lib version 0.9999999 + Vulnerability ID: 35693 + Affected spec: <0.99999999 + ADVISORY: The serializer in html5lib before 0.99999999 might allow + remote attackers to conduct cross-site scripting (XSS) attacks by... + CVE-2016-9909 + For more information, please visit https://pyup.io/v/35693/f17 + + +-> Vulnerability found in html5lib version 0.9999999 + Vulnerability ID: 35694 + Affected spec: <0.99999999 + ADVISORY: The serializer in html5lib before 0.99999999 might allow + remote attackers to conduct cross-site scripting (XSS) attacks by... + CVE-2016-9910 + For more information, please visit https://pyup.io/v/35694/f17 + + +-> Vulnerability found in gunicorn version 19.6.0 + Vulnerability ID: 40104 + Affected spec: <19.10.0 + ADVISORY: Gunicorn 20.0.1 fixes chunked encoding support to prevent + http request smuggling... + PVE-2021-40104 + For more information, please visit https://pyup.io/v/40104/f17 + + +-> Vulnerability found in gdal version 2.4.1 + Vulnerability ID: 48545 + Affected spec: <3.5.0 + ADVISORY: Gdal 3.5.0 fixes an out of bounds read in CPLRecodeFromWCha + ... + PVE-2022-48545 + For more information, please visit https://pyup.io/v/48545/f17 + + +-> Vulnerability found in gdal version 2.4.1 + Vulnerability ID: 42370 + Affected spec: <3.1.0 + ADVISORY: Gdal 3.1.0 includes multiple security related fixes + detected by OSS-... + PVE-2021-42370 + For more information, please visit https://pyup.io/v/42370/f17 + + +-> Vulnerability found in flower version 0.9.3 + Vulnerability ID: 49256 + Affected spec: <=1.0.0 + ADVISORY: Flower 1.0.0 and prior are vulnerable to CVE-2022-30034: + All versions as of 05-02-2022 are vulnerable to an OAuth authentication... + CVE-2022-30034 + For more information, please visit https://pyup.io/v/49256/f17 + + +-> Vulnerability found in ecdsa version 0.13.3 + Vulnerability ID: 37637 + Affected spec: <0.14 + ADVISORY: In ecdsa 0.14, deterministic signatures verify that the + signature won't leak private key through very unlikely selection of `k`... + PVE-2021-37637 + For more information, please visit https://pyup.io/v/37637/f17 + + +-> Vulnerability found in django version 3.2.15 + Vulnerability ID: 51340 + Affected spec: <3.2.16 + ADVISORY: In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 + before 4.1.2, internationalized URLs were subject to a potential denial of... + CVE-2022-41323 + For more information, please visit https://pyup.io/v/51340/f17 + + +-> Vulnerability found in celery version 4.4.7 + Vulnerability ID: 43738 + Affected spec: <5.2.2 + ADVISORY: Celery 5.2.2 includes a fix for CVE-2021-23727: Celery + before 5.2.2. by default trusts the messages and metadata stored in... + CVE-2021-23727 + For more information, please visit https://pyup.io/v/43738/f17 + + Scan was completed. 25 vulnerabilities were found. + ++==============================================================================+ + REMEDIATIONS + + 25 vulnerabilities were found in 14 packages. For detailed remediation & fix + recommendations, upgrade to a commercial license. + ++==============================================================================+ + + You are using Safety's free vulnerability database. This data is +outdated, limited, and + licensed for non-commercial use only. + All commercial projects must sign up and get an API key at +https://pyup.io + ++==============================================================================+ From 4f1e941c7825f77f2af3c33846b112f5fb0af860 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Fri, 9 Dec 2022 12:31:49 -0500 Subject: [PATCH 15/24] safety2 --- requirements-tree.txt | 5 ++++- requirements.txt | 3 ++- safety.txt | 20 ++++++-------------- 3 files changed, 12 insertions(+), 16 deletions(-) diff --git a/requirements-tree.txt b/requirements-tree.txt index a0e654f..3bf43b5 100644 --- a/requirements-tree.txt +++ b/requirements-tree.txt @@ -138,7 +138,8 @@ drf-yasg==1.20.0 ruamel.yaml==0.17.21 ruamel.yaml.clib==0.2.7 uritemplate==3.0.0 -ecdsa==0.13.3 +ecdsa==0.18.0 + six==1.16.0 flake8==6.0.0 mccabe==0.7.0 pycodestyle==2.10.0 @@ -279,6 +280,7 @@ paramiko==2.12.0 pycparser==2.21 six==1.16.0 pip==22.3.1 +pipdeptree==2.3.3 probablepeople==0.5.4 DoubleMetaphone==0.1 future==0.16.0 @@ -287,6 +289,7 @@ probablepeople==0.5.4 psycopg2==2.8.2 pyasn1==0.4.4 PyCRS==1.0.1 +pydebug==1.0.3 pylint==1.5.5 astroid==1.4.9 lazy-object-proxy==1.8.0 diff --git a/requirements.txt b/requirements.txt index 1248794..2b82440 100644 --- a/requirements.txt +++ b/requirements.txt @@ -58,7 +58,7 @@ dominate==2.4.0 DoubleMetaphone==0.1 drf-haystack==1.8.11 drf-yasg==1.20.0 -ecdsa==0.13.3 +ecdsa==0.18.0 email-validator==1.3.0 exceptiongroup==1.0.4 filebrowser-safe==1.1.1 @@ -94,6 +94,7 @@ kombu==4.6.11 lazy-object-proxy==1.8.0 lxml==4.4.0 Markdown==3.0.1 +MarkupSafe==2.0.1 matplotlib==3.1.2 mccabe==0.7.0 Mezzanine==5.1.4 diff --git a/safety.txt b/safety.txt index 0924b1e..2ed3a5e 100644 --- a/safety.txt +++ b/safety.txt @@ -1,3 +1,4 @@ +safety check --output text > safety.txt +==============================================================================+ /$$$$$$ /$$ @@ -28,9 +29,9 @@ https://pyup.io -> /usr/local/lib/python3.9/site-packages Using non-commercial database - Found and scanned 180 packages - Timestamp 2022-12-09 16:43:12 - 25 vulnerabilities found + Found and scanned 181 packages + Timestamp 2022-12-09 17:29:55 + 24 vulnerabilities found 0 vulnerabilities ignored +==============================================================================+ @@ -235,15 +236,6 @@ https://pyup.io For more information, please visit https://pyup.io/v/49256/f17 --> Vulnerability found in ecdsa version 0.13.3 - Vulnerability ID: 37637 - Affected spec: <0.14 - ADVISORY: In ecdsa 0.14, deterministic signatures verify that the - signature won't leak private key through very unlikely selection of `k`... - PVE-2021-37637 - For more information, please visit https://pyup.io/v/37637/f17 - - -> Vulnerability found in django version 3.2.15 Vulnerability ID: 51340 Affected spec: <3.2.16 @@ -261,12 +253,12 @@ https://pyup.io CVE-2021-23727 For more information, please visit https://pyup.io/v/43738/f17 - Scan was completed. 25 vulnerabilities were found. + Scan was completed. 24 vulnerabilities were found. +==============================================================================+ REMEDIATIONS - 25 vulnerabilities were found in 14 packages. For detailed remediation & fix + 24 vulnerabilities were found in 13 packages. For detailed remediation & fix recommendations, upgrade to a commercial license. +==============================================================================+ From 5c18f7ddbc6d8f88aefc4e38f01ff7a22efc853a Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Fri, 9 Dec 2022 12:36:49 -0500 Subject: [PATCH 16/24] add debugpy --- requirements-tree.txt | 31 ++++++++++++++++++++++++++----- requirements.txt | 8 ++++++-- safety.txt | 4 ++-- 3 files changed, 34 insertions(+), 9 deletions(-) diff --git a/requirements-tree.txt b/requirements-tree.txt index 3bf43b5..2b38a19 100644 --- a/requirements-tree.txt +++ b/requirements-tree.txt @@ -8,6 +8,7 @@ arrow==0.7.0 autopep8==1.2.2 pep8==1.7.0 bagit==1.5.4 +debugpy==1.6.4 deepdiff==1.7.0 defusedxml==0.7.1 django-autocomplete-light==2.3.6 @@ -134,7 +135,8 @@ drf-yasg==1.20.0 pytz==2022.6 sqlparse==0.4.3 inflection==0.3.1 - packaging==22.0 + packaging==21.3 + pyparsing==3.0.9 ruamel.yaml==0.17.21 ruamel.yaml.clib==0.2.7 uritemplate==3.0.0 @@ -145,7 +147,7 @@ flake8==6.0.0 pycodestyle==2.10.0 pyflakes==3.0.1 flex==6.14.1 - click==6.7 + click==8.1.3 jsonpointer==1.14 PyYAML==5.3 requests==2.27.1 @@ -217,7 +219,8 @@ Mezzanine==5.1.4 beautifulsoup4==4.11.1 soupsieve==2.3.2.post1 bleach==4.1.0 - packaging==22.0 + packaging==21.3 + pyparsing==3.0.9 six==1.16.0 webencodings==0.5.1 chardet==5.1.0 @@ -309,7 +312,8 @@ pytest-cov==3.0.0 attrs==22.1.0 exceptiongroup==1.0.4 iniconfig==1.1.1 - packaging==22.0 + packaging==21.3 + pyparsing==3.0.9 pluggy==1.0.0 tomli==2.0.1 pytest-django==3.10.0 @@ -317,7 +321,8 @@ pytest-django==3.10.0 attrs==22.1.0 exceptiongroup==1.0.4 iniconfig==1.1.1 - packaging==22.0 + packaging==21.3 + pyparsing==3.0.9 pluggy==1.0.0 tomli==2.0.1 python-irodsclient==0.8.1 @@ -327,6 +332,22 @@ python-irodsclient==0.8.1 redis==2.10.5 robot-detection==0.4 six==1.16.0 +safety==2.3.5 + click==8.1.3 + dparse==0.6.2 + packaging==21.3 + pyparsing==3.0.9 + toml==0.10.2 + packaging==21.3 + pyparsing==3.0.9 + requests==2.27.1 + certifi==2022.12.7 + charset-normalizer==2.0.12 + idna==3.4 + urllib3==1.26.13 + ruamel.yaml==0.17.21 + ruamel.yaml.clib==0.2.7 + setuptools==57.5.0 selenium==3.0.2 sorl-thumbnail==12.8.0 suds-jurko==0.6 diff --git a/requirements.txt b/requirements.txt index 2b82440..a5ab80e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -19,13 +19,14 @@ cffi==1.15.1 cftime==1.6.2 chardet==5.1.0 charset-normalizer==2.0.12 -click==6.7 +click==8.1.3 colorama==0.4.6 coreapi==2.3.3 coreschema==0.0.4 coverage==6.5.0 cryptography==38.0.4 cycler==0.10.0 +debugpy==1.6.4 deepdiff==1.7.0 defusedxml==0.7.1 Deprecated==1.2.13 @@ -56,6 +57,7 @@ dnspython==2.2.1 docker-py==1.7.2 dominate==2.4.0 DoubleMetaphone==0.1 +dparse==0.6.2 drf-haystack==1.8.11 drf-yasg==1.20.0 ecdsa==0.18.0 @@ -106,7 +108,7 @@ nose-timer==0.7.6 numpy==1.16.6 oauthlib==3.1.0 OWSLib==0.10.3 -packaging==22.0 +packaging==21.3 paramiko==2.12.0 pbr==1.10.0 pep8==1.7.0 @@ -150,6 +152,7 @@ rjsmin==1.2.0 robot-detection==0.4 ruamel.yaml==0.17.21 ruamel.yaml.clib==0.2.7 +safety==2.3.5 selenium==3.0.2 setuptools==57.5.0 six==1.16.0 @@ -159,6 +162,7 @@ sqlparse==0.4.3 strict-rfc3339==0.7 suds-jurko==0.6 timeago==1.0.10 +toml==0.10.2 tomli==2.0.1 tornado==5.1.1 typing_extensions==4.4.0 diff --git a/safety.txt b/safety.txt index 2ed3a5e..1652cfe 100644 --- a/safety.txt +++ b/safety.txt @@ -29,8 +29,8 @@ https://pyup.io -> /usr/local/lib/python3.9/site-packages Using non-commercial database - Found and scanned 181 packages - Timestamp 2022-12-09 17:29:55 + Found and scanned 182 packages + Timestamp 2022-12-09 17:34:01 24 vulnerabilities found 0 vulnerabilities ignored From 2974112fb1685a20176fa770d44ad9abf9150106 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Sat, 10 Dec 2022 16:00:12 -0500 Subject: [PATCH 17/24] gunicorn --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index a5ab80e..0c52f9b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -77,7 +77,7 @@ geopy==1.16.0 gevent==22.10.2 grappelli-safe==1.1.1 greenlet==2.0.1 -gunicorn==19.6.0 +gunicorn==20.1.0 hsmodels@git+https://github.com/hydroshare/hsmodels.git@3197b512d2764e2a4772596fe6c288331e53223e html5lib==0.9999999 idna==3.4 From bd3d033ff0aaa5fcb5e4eae551d91c9b2801d9e3 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Sat, 10 Dec 2022 18:33:00 -0500 Subject: [PATCH 18/24] cleanup --- requirements-tree.txt | 357 ------------------------------------------ safety.txt | 272 -------------------------------- 2 files changed, 629 deletions(-) delete mode 100644 requirements-tree.txt delete mode 100644 safety.txt diff --git a/requirements-tree.txt b/requirements-tree.txt deleted file mode 100644 index 2b38a19..0000000 --- a/requirements-tree.txt +++ /dev/null @@ -1,357 +0,0 @@ -# generated using pipdeptree==2.3.3 -# pipdeptree -f | tee requirements-tree.txt -# you can use this with pip install -r requirements-tree directly, but it does contain duplicates -anyjson==0.3.3 -arrow==0.7.0 - python-dateutil==2.8.0 - six==1.16.0 -autopep8==1.2.2 - pep8==1.7.0 -bagit==1.5.4 -debugpy==1.6.4 -deepdiff==1.7.0 -defusedxml==0.7.1 -django-autocomplete-light==2.3.6 - six==1.16.0 -django-braces==1.15.0 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 -django-compressor==4.1 - django-appconf==1.0.5 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - rcssmin==1.1.0 - rjsmin==1.2.0 -django-cors-headers==3.10.1 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 -django-crispy-forms==1.13.0 -django-debug-toolbar==3.2.4 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - sqlparse==0.4.3 -django-freshly==0.1.2 -django-heartbeat==2.0.2 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - psutil==4.0.0 -django-ipware==2.1.0 -django-jsonfield==1.4.1 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - six==1.16.0 -django-modeltranslation==0.12.2 -django-nose==1.4.5 - nose==1.3.7 -django-oauth-toolkit==2.1.0 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - jwcrypto==1.4.2 - cryptography==38.0.4 - cffi==1.15.1 - pycparser==2.21 - Deprecated==1.2.13 - wrapt==1.14.1 - oauthlib==3.1.0 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 -django-robots==4.0 -django-security==0.12.0 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - python-dateutil==2.8.0 - six==1.16.0 - ua-parser==0.16.1 -django-test-without-migrations==0.6 -django-timedeltafield==0.7.10 -django-widget-tweaks==1.4.1 -docker-py==1.7.2 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 - six==1.16.0 - websocket-client==1.4.2 -dominate==2.4.0 -drf-haystack==1.8.11 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - django-haystack==3.1.1 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - djangorestframework==3.12.4 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - python-dateutil==2.8.0 - six==1.16.0 -drf-yasg==1.20.0 - coreapi==2.3.3 - coreschema==0.0.4 - Jinja2==2.10.1 - MarkupSafe==2.0.1 - itypes==1.2.0 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 - uritemplate==3.0.0 - coreschema==0.0.4 - Jinja2==2.10.1 - MarkupSafe==2.0.1 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - djangorestframework==3.12.4 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - inflection==0.3.1 - packaging==21.3 - pyparsing==3.0.9 - ruamel.yaml==0.17.21 - ruamel.yaml.clib==0.2.7 - uritemplate==3.0.0 -ecdsa==0.18.0 - six==1.16.0 -flake8==6.0.0 - mccabe==0.7.0 - pycodestyle==2.10.0 - pyflakes==3.0.1 -flex==6.14.1 - click==8.1.3 - jsonpointer==1.14 - PyYAML==5.3 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 - rfc3987==1.3.8 - six==1.16.0 - strict-rfc3339==0.7 - validate-email==1.3 -flower==0.9.3 - Babel==2.11.0 - pytz==2022.6 - celery==4.4.7 - billiard==3.6.4.0 - kombu==4.6.11 - amqp==2.6.1 - vine==1.3.0 - pytz==2022.6 - vine==1.3.0 - pytz==2022.6 - tornado==5.1.1 -foresite @ git+https://github.com/sblack-usu/foresite-toolkit.git@94c0c2a8e21a922caa1df6cc412d5dc1a7adb189#subdirectory=foresite-python/trunk - lxml==4.4.0 - rdflib==5.0.0 - isodate==0.5.4 - pyparsing==3.0.9 - six==1.16.0 -funcsigs==1.0.2 -GDAL==2.4.1 -geojson==1.3.2 - setuptools==57.5.0 -geopy==1.16.0 - geographiclib==1.52 -gevent==22.10.2 - greenlet==2.0.1 - setuptools==57.5.0 - zope.event==4.5.0 - setuptools==57.5.0 - zope.interface==5.5.2 - setuptools==57.5.0 -gunicorn==19.6.0 -hsmodels @ git+https://github.com/hydroshare/hsmodels.git@3197b512d2764e2a4772596fe6c288331e53223e - email-validator==1.3.0 - dnspython==2.2.1 - idna==3.4 - pydantic==1.10.2 - typing_extensions==4.4.0 - rdflib==5.0.0 - isodate==0.5.4 - pyparsing==3.0.9 - six==1.16.0 -html5lib==0.9999999 - six==1.16.0 -ipaddress==1.0.22 -jsonschema==2.6.0 -keepalive==0.5 -Markdown==3.0.1 -matplotlib==3.1.2 - cycler==0.10.0 - six==1.16.0 - kiwisolver==1.4.4 - numpy==1.16.6 - pyparsing==3.0.9 - python-dateutil==2.8.0 - six==1.16.0 -Mezzanine==5.1.4 - beautifulsoup4==4.11.1 - soupsieve==2.3.2.post1 - bleach==4.1.0 - packaging==21.3 - pyparsing==3.0.9 - six==1.16.0 - webencodings==0.5.1 - chardet==5.1.0 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - django-contrib-comments==2.2.0 - Django==3.2.15 - asgiref==3.5.2 - pytz==2022.6 - sqlparse==0.4.3 - filebrowser-safe==1.1.1 - grappelli-safe==1.1.1 - Pillow==9.3.0 - pytz==2022.6 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 - requests-oauthlib==1.3.1 - oauthlib==3.1.0 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 - tzlocal==4.2 - pytz-deprecation-shim==0.1.0.post0 - tzdata==2022.7 -mock==1.3.0 - pbr==1.10.0 - six==1.16.0 -nameparser==0.5.7 -netCDF4==1.5.1.2 - cftime==1.6.2 - numpy==1.16.6 - numpy==1.16.6 -nose-timer==0.7.6 - nose==1.3.7 -OWSLib==0.10.3 - pyproj==3.4.0 - certifi==2022.12.7 - python-dateutil==2.8.0 - six==1.16.0 - pytz==2022.6 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 -paramiko==2.12.0 - bcrypt==4.0.1 - cryptography==38.0.4 - cffi==1.15.1 - pycparser==2.21 - PyNaCl==1.5.0 - cffi==1.15.1 - pycparser==2.21 - six==1.16.0 -pip==22.3.1 -pipdeptree==2.3.3 -probablepeople==0.5.4 - DoubleMetaphone==0.1 - future==0.16.0 - probableparsing==0.0.1 - python-crfsuite==0.9.8 -psycopg2==2.8.2 -pyasn1==0.4.4 -PyCRS==1.0.1 -pydebug==1.0.3 -pylint==1.5.5 - astroid==1.4.9 - lazy-object-proxy==1.8.0 - six==1.16.0 - wrapt==1.14.1 - colorama==0.4.6 - six==1.16.0 -pysolr==3.4.0 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 -pytest-cov==3.0.0 - coverage==6.5.0 - pytest==7.2.0 - attrs==22.1.0 - exceptiongroup==1.0.4 - iniconfig==1.1.1 - packaging==21.3 - pyparsing==3.0.9 - pluggy==1.0.0 - tomli==2.0.1 -pytest-django==3.10.0 - pytest==7.2.0 - attrs==22.1.0 - exceptiongroup==1.0.4 - iniconfig==1.1.1 - packaging==21.3 - pyparsing==3.0.9 - pluggy==1.0.0 - tomli==2.0.1 -python-irodsclient==0.8.1 - prettytable==0.7.2 - six==1.16.0 - xmlrunner==1.7.7 -redis==2.10.5 -robot-detection==0.4 - six==1.16.0 -safety==2.3.5 - click==8.1.3 - dparse==0.6.2 - packaging==21.3 - pyparsing==3.0.9 - toml==0.10.2 - packaging==21.3 - pyparsing==3.0.9 - requests==2.27.1 - certifi==2022.12.7 - charset-normalizer==2.0.12 - idna==3.4 - urllib3==1.26.13 - ruamel.yaml==0.17.21 - ruamel.yaml.clib==0.2.7 - setuptools==57.5.0 -selenium==3.0.2 -sorl-thumbnail==12.8.0 -suds-jurko==0.6 -timeago==1.0.10 -virtualenv==15.0.2 -wheel==0.38.4 -xmltodict==0.10.2 diff --git a/safety.txt b/safety.txt deleted file mode 100644 index 1652cfe..0000000 --- a/safety.txt +++ /dev/null @@ -1,272 +0,0 @@ -safety check --output text > safety.txt -+==============================================================================+ - - /$$$$$$ /$$ - /$$__ $$ | $$ - /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ - /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ - | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ - \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ - /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ - |_______/ \_______/|__/ \_______/ \___/ \____ $$ - /$$ | $$ - | $$$$$$/ - by pyup.io \______/ - -+==============================================================================+ - - REPORT - - You are using Safety's free vulnerability database. This data is -outdated, limited, and - licensed for non-commercial use only. - All commercial projects must sign up and get an API key at -https://pyup.io - - Safety v2.3.5 is scanning for Vulnerabilities... - Scanning dependencies in your environment: - - -> /usr/local/lib/python3.9/site-packages - - Using non-commercial database - Found and scanned 182 packages - Timestamp 2022-12-09 17:34:01 - 24 vulnerabilities found - 0 vulnerabilities ignored - -+==============================================================================+ - VULNERABILITIES FOUND -+==============================================================================+ - --> Vulnerability found in rdflib version 5.0.0 - Vulnerability ID: 48547 - Affected spec: >0 - ADVISORY: Rdflib provides no way to control how external references - are resolved, nor a way to implement caching of external resources. This... - PVE-2022-48547 - For more information, please visit https://pyup.io/v/48547/f17 - - --> Vulnerability found in pyyaml version 5.3 - Vulnerability ID: 39611 - Affected spec: <5.4 - ADVISORY: Pyyaml version 5.4 includes a fix for CVE-2020-14343: A - vulnerability was discovered in the PyYAML library in versions before 5.4,... - CVE-2020-14343 - For more information, please visit https://pyup.io/v/39611/f17 - - --> Vulnerability found in pyyaml version 5.3 - Vulnerability ID: 38100 - Affected spec: <5.3.1 - ADVISORY: Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A - vulnerability was discovered in the PyYAML library in versions before... - CVE-2020-1747 - For more information, please visit https://pyup.io/v/38100/f17 - - --> Vulnerability found in pylint version 1.5.5 - Vulnerability ID: 45185 - Affected spec: <2.13.0 - ADVISORY: Pylint 2.13.0 fixes a crash when using the doc_params - extension.https://github.com/PyCQA/pylint/issues/5322 - PVE-2022-45185 - For more information, please visit https://pyup.io/v/45185/f17 - - --> Vulnerability found in pylint version 1.5.5 - Vulnerability ID: 38224 - Affected spec: <2.5.0 - ADVISORY: Pylint 2.5.0 no longer allows ``python -m pylint ...`` to - import user code. Previously, it added the current working directory as... - PVE-2021-38224 - For more information, please visit https://pyup.io/v/38224/f17 - - --> Vulnerability found in pylint version 1.5.5 - Vulnerability ID: 39621 - Affected spec: <2.7.0 - ADVISORY: Pylint 2.7.0 includes a fix for vulnerable regular - expressions in 'pyreverse'. - PVE-2021-39621 - For more information, please visit https://pyup.io/v/39621/f17 - - --> Vulnerability found in psutil version 4.0.0 - Vulnerability ID: 37765 - Affected spec: <=5.6.5 - ADVISORY: psutil (aka python-psutil) through 5.6.5 can have a double - free. This occurs because of refcount mishandling within a while or for... - CVE-2019-18874 - For more information, please visit https://pyup.io/v/37765/f17 - - --> Vulnerability found in numpy version 1.16.6 - Vulnerability ID: 43453 - Affected spec: <1.21.0rc1 - ADVISORY: Numpy 1.21.0rc1 includes a fix for CVE-2021-33430: A Buffer - Overflow vulnerability in the PyArray_NewFromDescr_int function of ctors.c... - CVE-2021-33430 - For more information, please visit https://pyup.io/v/43453/f17 - - --> Vulnerability found in numpy version 1.16.6 - Vulnerability ID: 44717 - Affected spec: <1.22.0 - ADVISORY: Numpy 1.22.0 includes a fix for CVE-2021-34141: An - incomplete string comparison in the numpy.core component in NumPy before... - CVE-2021-34141 - For more information, please visit https://pyup.io/v/44717/f17 - - --> Vulnerability found in numpy version 1.16.6 - Vulnerability ID: 44716 - Affected spec: <1.22.0 - ADVISORY: Numpy 1.22.0 includes a fix for CVE-2021-41496: Buffer - overflow in the array_from_pyobj function of fortranobject.c, which allows... - CVE-2021-41496 - For more information, please visit https://pyup.io/v/44716/f17 - - --> Vulnerability found in numpy version 1.16.6 - Vulnerability ID: 44715 - Affected spec: <1.22.2 - ADVISORY: Numpy 1.22.2 includes a fix for CVE-2021-41495: Null - Pointer Dereference vulnerability exists in numpy.sort in NumPy in the... - CVE-2021-41495 - For more information, please visit https://pyup.io/v/44715/f17 - - --> Vulnerability found in lxml version 4.4.0 - Vulnerability ID: 43366 - Affected spec: <4.6.5 - ADVISORY: Lxml 4.6.5 includes a fix for CVE-2021-43818: Prior to - version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script... - CVE-2021-43818 - For more information, please visit https://pyup.io/v/43366/f17 - - --> Vulnerability found in lxml version 4.4.0 - Vulnerability ID: 40072 - Affected spec: <4.6.3 - ADVISORY: Lxml version 4.6.3 includes a fix for CVE-2021-28957: An - XSS vulnerability was discovered in python-lxml's clean module versions... - CVE-2021-28957 - For more information, please visit https://pyup.io/v/40072/f17 - - --> Vulnerability found in lxml version 4.4.0 - Vulnerability ID: 39194 - Affected spec: <4.6.2 - ADVISORY: Lxml 4.6.2 includes a fix for CVE-2020-27783: A XSS - vulnerability was discovered in python-lxml's clean module. The module's... - CVE-2020-27783 - For more information, please visit https://pyup.io/v/39194/f17 - - --> Vulnerability found in lxml version 4.4.0 - Vulnerability ID: 50748 - Affected spec: <4.9.1 - ADVISORY: Lxml 4.9.1 includes a fix for CVE-2022-2309: NULL Pointer - Dereference allows attackers to cause a denial of service (or application... - CVE-2022-2309 - For more information, please visit https://pyup.io/v/50748/f17 - - --> Vulnerability found in jinja2 version 2.10.1 - Vulnerability ID: 39525 - Affected spec: <2.11.3 - ADVISORY: This affects the package jinja2 from 0.0.0 and before - 2.11.3. The ReDoS vulnerability is mainly due to the '_punctuation_re... - CVE-2020-28493 - For more information, please visit https://pyup.io/v/39525/f17 - - --> Vulnerability found in html5lib version 0.9999999 - Vulnerability ID: 35693 - Affected spec: <0.99999999 - ADVISORY: The serializer in html5lib before 0.99999999 might allow - remote attackers to conduct cross-site scripting (XSS) attacks by... - CVE-2016-9909 - For more information, please visit https://pyup.io/v/35693/f17 - - --> Vulnerability found in html5lib version 0.9999999 - Vulnerability ID: 35694 - Affected spec: <0.99999999 - ADVISORY: The serializer in html5lib before 0.99999999 might allow - remote attackers to conduct cross-site scripting (XSS) attacks by... - CVE-2016-9910 - For more information, please visit https://pyup.io/v/35694/f17 - - --> Vulnerability found in gunicorn version 19.6.0 - Vulnerability ID: 40104 - Affected spec: <19.10.0 - ADVISORY: Gunicorn 20.0.1 fixes chunked encoding support to prevent - http request smuggling... - PVE-2021-40104 - For more information, please visit https://pyup.io/v/40104/f17 - - --> Vulnerability found in gdal version 2.4.1 - Vulnerability ID: 48545 - Affected spec: <3.5.0 - ADVISORY: Gdal 3.5.0 fixes an out of bounds read in CPLRecodeFromWCha - ... - PVE-2022-48545 - For more information, please visit https://pyup.io/v/48545/f17 - - --> Vulnerability found in gdal version 2.4.1 - Vulnerability ID: 42370 - Affected spec: <3.1.0 - ADVISORY: Gdal 3.1.0 includes multiple security related fixes - detected by OSS-... - PVE-2021-42370 - For more information, please visit https://pyup.io/v/42370/f17 - - --> Vulnerability found in flower version 0.9.3 - Vulnerability ID: 49256 - Affected spec: <=1.0.0 - ADVISORY: Flower 1.0.0 and prior are vulnerable to CVE-2022-30034: - All versions as of 05-02-2022 are vulnerable to an OAuth authentication... - CVE-2022-30034 - For more information, please visit https://pyup.io/v/49256/f17 - - --> Vulnerability found in django version 3.2.15 - Vulnerability ID: 51340 - Affected spec: <3.2.16 - ADVISORY: In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 - before 4.1.2, internationalized URLs were subject to a potential denial of... - CVE-2022-41323 - For more information, please visit https://pyup.io/v/51340/f17 - - --> Vulnerability found in celery version 4.4.7 - Vulnerability ID: 43738 - Affected spec: <5.2.2 - ADVISORY: Celery 5.2.2 includes a fix for CVE-2021-23727: Celery - before 5.2.2. by default trusts the messages and metadata stored in... - CVE-2021-23727 - For more information, please visit https://pyup.io/v/43738/f17 - - Scan was completed. 24 vulnerabilities were found. - -+==============================================================================+ - REMEDIATIONS - - 24 vulnerabilities were found in 13 packages. For detailed remediation & fix - recommendations, upgrade to a commercial license. - -+==============================================================================+ - - You are using Safety's free vulnerability database. This data is -outdated, limited, and - licensed for non-commercial use only. - All commercial projects must sign up and get an API key at -https://pyup.io - -+==============================================================================+ From bfba156b884206685ac5eac111b32771381e1755 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Mon, 12 Dec 2022 10:46:40 -0500 Subject: [PATCH 19/24] some pip upgrades --- requirements.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements.txt b/requirements.txt index 0c52f9b..ec7353d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -47,7 +47,7 @@ django-jsonfield==1.4.1 django-modeltranslation==0.12.2 django-nose==1.4.5 django-oauth-toolkit==2.1.0 -djangorestframework==3.12.4 +djangorestframework==3.13.1 django-robots==4.0 django-security==0.12.0 django-test-without-migrations==0.6 @@ -120,7 +120,7 @@ prettytable==0.7.2 probableparsing==0.0.1 probablepeople==0.5.4 psutil==4.0.0 -psycopg2==2.8.2 +psycopg2==2.9.5 pyasn1==0.4.4 pycodestyle==2.10.0 pycparser==2.21 @@ -132,10 +132,10 @@ pylint==1.5.5 PyNaCl==1.5.0 pyparsing==3.0.9 pyproj==3.4.0 -pysolr==3.4.0 +pysolr==3.9.0 pytest==7.2.0 -pytest-cov==3.0.0 -pytest-django==3.10.0 +pytest-cov==4.0.0 +pytest-django==4.5.2 python-crfsuite==0.9.8 python-dateutil==2.8.0 python-irodsclient==0.8.1 From 9da5ca43b03afb199479c8b51dc5649f1e6162d6 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Mon, 12 Dec 2022 12:18:06 -0500 Subject: [PATCH 20/24] downgrade djangorestframework --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index ec7353d..e252dfe 100644 --- a/requirements.txt +++ b/requirements.txt @@ -47,7 +47,7 @@ django-jsonfield==1.4.1 django-modeltranslation==0.12.2 django-nose==1.4.5 django-oauth-toolkit==2.1.0 -djangorestframework==3.13.1 +djangorestframework==3.12.4 django-robots==4.0 django-security==0.12.0 django-test-without-migrations==0.6 From 8495a88ff28278e8ccafddd7483913bc3d415738 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Wed, 14 Dec 2022 11:24:15 -0500 Subject: [PATCH 21/24] upgrade requests --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e252dfe..75f6e14 100644 --- a/requirements.txt +++ b/requirements.txt @@ -145,7 +145,7 @@ PyYAML==5.3 rcssmin==1.1.0 rdflib==5.0.0 redis==2.10.5 -requests==2.27.1 +requests==2.28.1 requests-oauthlib==1.3.1 rfc3987==1.3.8 rjsmin==1.2.0 From 6f23e48de8ccda0095a19fb50a3bf33551f7f325 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 15 Dec 2022 10:12:03 -0500 Subject: [PATCH 22/24] add pyld and aiohttp --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements.txt b/requirements.txt index 75f6e14..136295c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,6 @@ # generated using pipdeptree https://github.com/tox-dev/pipdeptree # pipdeptree -f | sed 's/ //g' | sort -u > requirements.txt +aiohttp==3.8.3 amqp==2.6.1 anyjson==0.3.3 arrow==0.7.0 @@ -128,6 +129,7 @@ PyCRS==1.0.1 pydantic==1.10.2 pydebug==1.0.3 pyflakes==3.0.1 +PyLD==2.0.3 pylint==1.5.5 PyNaCl==1.5.0 pyparsing==3.0.9 From 2e23d037c3cdb528e81bcf1aae33083b84da26bb Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 15 Dec 2022 10:15:45 -0500 Subject: [PATCH 23/24] remove safety and pipdeptree --- requirements.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/requirements.txt b/requirements.txt index 136295c..9833ba0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -58,7 +58,6 @@ dnspython==2.2.1 docker-py==1.7.2 dominate==2.4.0 DoubleMetaphone==0.1 -dparse==0.6.2 drf-haystack==1.8.11 drf-yasg==1.20.0 ecdsa==0.18.0 @@ -115,7 +114,6 @@ pbr==1.10.0 pep8==1.7.0 Pillow==9.3.0 pip==22.3.1 -pipdeptree==2.3.3 pluggy==1.0.0 prettytable==0.7.2 probableparsing==0.0.1 @@ -154,7 +152,6 @@ rjsmin==1.2.0 robot-detection==0.4 ruamel.yaml==0.17.21 ruamel.yaml.clib==0.2.7 -safety==2.3.5 selenium==3.0.2 setuptools==57.5.0 six==1.16.0 @@ -164,7 +161,6 @@ sqlparse==0.4.3 strict-rfc3339==0.7 suds-jurko==0.6 timeago==1.0.10 -toml==0.10.2 tomli==2.0.1 tornado==5.1.1 typing_extensions==4.4.0 From 757acf2a44226e57575b88b3063ad38a02162c93 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 15 Dec 2022 14:01:12 -0500 Subject: [PATCH 24/24] rm DID --- Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index c607d9c..68edfe9 100755 --- a/Dockerfile +++ b/Dockerfile @@ -19,8 +19,6 @@ RUN echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null -RUN apt-get update && sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin - RUN curl -sL https://deb.nodesource.com/setup_lts.x | sudo -E bash - COPY docker.list /etc/apt/sources.list.d/ @@ -31,7 +29,6 @@ RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo RUN apt-get update && apt-get install -y --fix-missing --no-install-recommends \ apt-utils \ - docker-ce \ libfuse2 \ libjpeg62-turbo \ libjpeg62-turbo-dev \