diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 9568ec85..e7ea7c1c 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -1,30 +1,35 @@ --- name: Bug Report about: Create a report to help us improve -title: \[BUG\] +title: \[BUG] labels: bug assignees: fmigneault - --- -**Describe the bug** +## Describe the bug + + + +## To Reproduce -**To Reproduce** Steps to reproduce the behavior: + 1. Deploy process with payload '...' 2. Execute using payload '....' 3. Result '....' 4. Error message '...' -**Expected behavior** +## Expected behavior + + -**Screenshots** -If applicable, add screenshots to help explain your problem. +## Environment -**Desktop (please complete the following information):** - - OS: \[e.g. Linux|Windows\] (if running locally) - - Browser \[e.g. chrome, safari\] (if running as a service) - - Instance: URL - - Version \["1.2.3", see `/version` endpoint\] +- OS: \[e.g. Linux|Windows] (if running locally) +- Browser \[e.g. chrome, safari] (if running as a service) +- Instance: URL +- Version \["1.2.3", see `/version` endpoint] diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md index 179274d9..bd0bef45 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.md +++ b/.github/ISSUE_TEMPLATE/feature-request.md @@ -1,21 +1,31 @@ --- name: Feature Request about: Suggest an idea for this project -title: \[Feature\] +title: \[Feature] labels: feature assignees: fmigneault - --- -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. -Ex. I would like to be able to authenticate using \[...\] +## Describe the request + + + +## Expected behavior -**Describe the solution you'd like** -A clear and concise description of what you want to happen. + -**Describe alternatives you've considered** +## Alternatives considered + + + +## Additional context -**Additional context** + diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 433c4cfa..7ccf41af 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -29,7 +29,6 @@ jobs: env: # override make command to install directly in active python CONDA_COMMAND: "" - CHECKS_EXCLUDE: types strategy: matrix: os: [ubuntu-latest] @@ -43,10 +42,6 @@ jobs: python-version: "3.10" allow-failure: false test-case: check-only - - os: ubuntu-latest - python-version: "3.10" - allow-failure: true - test-case: check-types-only # docker smoke tests - os: ubuntu-latest python-version: "3.10" @@ -89,7 +84,7 @@ jobs: run: make install-pkg install-dev - if: ${{ matrix.test-case == 'check-only' }} name: Install Extra Test Dependencies - run: make install-npm + run: make install-dev - name: Display Packages run: pip freeze - name: Display Version @@ -106,9 +101,10 @@ jobs: run: make stop ${{ matrix.test-case }} continue-on-error: false - name: Upload coverage report - uses: codecov/codecov-action@v1 + uses: codecov/codecov-action@v2 if: ${{ success() && matrix.test-case == 'coverage' }} with: + token: ${{ secrets.CODECOV_TOKEN }} files: ./reports/coverage.xml fail_ci_if_error: true verbose: true diff --git a/.gitignore b/.gitignore index e1c3cab4..9d2ae05d 100644 --- a/.gitignore +++ b/.gitignore @@ -12,7 +12,7 @@ share ## Node node_modules -package.json +!package.json package-lock.json ## Makefile diff --git a/.remarkignore b/.remarkignore new file mode 100644 index 00000000..1b6d93e1 --- /dev/null +++ b/.remarkignore @@ -0,0 +1,13 @@ +# To save time scanning +.idea/ +.vscode/ +*.egg-info/ +downloads/ +env/ + +# actual items to ignore +.pytest_cache/ +node_modules/ +docs/_build/ +docs/build/ +reports/ diff --git a/.stylelintrc.json b/.stylelintrc.json deleted file mode 100644 index cb464aab..00000000 --- a/.stylelintrc.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "extends": "stylelint-config-standard", - "ignoreFiles": ["docs/_build/**"], - "rules": { - "block-no-empty": null, - "color-no-invalid-hex": true, - "color-hex-case": "upper", - "color-hex-length": "long", - "indentation": [4], - "no-descending-specificity": null, - "property-no-vendor-prefix": null - } -} diff --git a/CHANGES.rst b/CHANGES.rst index a0b46511..b6e8f312 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -7,18 +7,26 @@ Changes `Unreleased `_ (latest) ------------------------------------------------------------------------------------ -* Nothing yet. +Features / Changes +~~~~~~~~~~~~~~~~~~~~~ +* Pin ``gunicorn>=22`` to address CVE-2024-1135. +* Pin Docker base to ``python:3.11-alpine3.19`` for various security fixes. +* Update ``magpie==4.0.0`` for corresponding fixes + (see `Changes: magpie @ 4.0.0 `_). +* Pin ``watchdog>=4`` for latest typing additions. `2.3.0 `_ (2023-11-30) ------------------------------------------------------------------------------------ +Features / Changes +~~~~~~~~~~~~~~~~~~~~~ * Add optional key ``field`` and ``regex`` to be used in the ``sync_permissions`` section found in the config. This allows to sync permissions using a field other than ``resource_full_name`` when creating the ``name:type`` from the segment ``ex.: /field1::type1/field2::type2``. Adds support to use ``resource_display_name``. * The ``regex`` is used to extract the desired information from the ``nametype_path``. It should be used to do an exact match. This new search overrides the default way of matching each segment with the ``nametype_path``. In the case where a ``regex`` is found in the target segment, the data will be formed using the same ``resource_type`` - for every match in the same segment. Similary, as using ``- name: "**"`` in the config to match multiple segment, + for every match in the same segment. Similarly, as using ``- name: "**"`` in the config to match multiple segment, it is possible to use a ``regex`` to match multiple resources in the same segment with ``regex: '(?<=:).*\/?(?=\/)'`` `2.2.0 `_ (2023-11-16) diff --git a/Makefile b/Makefile index 31c3d8f0..e8cac7ab 100644 --- a/Makefile +++ b/Makefile @@ -334,27 +334,39 @@ install-docs: conda-env install-xargs ## install package requirements for docum @bash -c '$(CONDA_CMD) pip install $(PIP_XARGS) -r "$(APP_ROOT)/requirements-doc.txt"' @echo "Successfully installed docs requirements." -.PHONY: install-dev -install-dev: conda-env install-xargs ## install package requirements for development and testing +.PHONY: install-dev-python +install-dev-python: conda-env install-xargs ## install all Python package requirements for development and testing @bash -c '$(CONDA_CMD) pip install $(PIP_XARGS) -r "$(APP_ROOT)/requirements-dev.txt"' @echo "Successfully installed dev requirements." # install locally to ensure they can be found by config extending them .PHONY: install-npm -install-npm: ## install npm package manager if it cannot be found +install-npm: ## install npm package manager and dependencies if they cannot be found @[ -f "$(shell which npm)" ] || ( \ echo "Binary package manager npm not found. Attempting to install it."; \ apt-get install npm \ ) - @[ `npm ls 2>/dev/null | grep stylelint-config-standard | wc -l` = 1 ] || ( \ - echo "Install required libraries for style checks." && \ + +.PHONY: install-npm-stylelint +install-npm-stylelint: install-npm ## install stylelint dependency for 'check-css' target using npm + @[ `npm ls 2>/dev/null | grep stylelint-config-standard | grep -v UNMET | wc -l` = 1 ] || ( \ + echo "Install required dependencies for CSS checks." && \ + npm install --save-dev \ + ) + +.PHONY: install-npm-remarklint +install-npm-remarklint: install-npm ## install remark-lint dependency for 'check-md' target using npm + @[ `npm ls 2>/dev/null | grep remark-lint | grep -v UNMET | wc -l` = 1 ] || ( \ + echo "Install required dependencies for Markdown checks." && \ npm install --save-dev \ - stylelint \ - stylelint-scss \ - stylelint-config-standard \ - stylelint-csstree-validator \ ) +.PHONY: install-dev-npm +install-dev-npm: install-npm install-npm-remarklint install-npm-remarklint ## install all npm development dependencies + +.PHONY: install-dev +install-dev: install-dev-python install-dev-npm ## install all development dependencies + ## --- Launchers targets --- ## .PHONY: cron @@ -512,17 +524,17 @@ mkdir-reports: # autogen check variants with pre-install of dependencies using the '-only' target references CHECKS_EXCLUDE ?= CHECKS_PYTHON := pep8 lint security doc8 docf links imports types -CHECKS_NPM := css +CHECKS_NPM := css md CHECKS_PYTHON := $(filter-out $(CHECKS_EXCLUDE),$(CHECKS_PYTHON)) CHECKS_NPM := $(filter-out $(CHECKS_EXCLUDE),$(CHECKS_NPM)) CHECKS := $(CHECKS_PYTHON) $(CHECKS_NPM) CHECKS := $(addprefix check-, $(CHECKS)) CHECKS_PYTHON := $(addprefix check-, $(CHECKS_PYTHON)) -$(CHECKS_PYTHON): check-%: install-dev check-%-only +$(CHECKS_PYTHON): check-%: install-dev-python check-%-only CHECKS_NPM := $(addprefix check-, $(CHECKS_NPM)) -$(CHECKS_NPM): check-%: install-npm check-%-only +$(CHECKS_NPM): check-%: install-dev-npm check-%-only .PHONY: check check: check-all ## alias for 'check-all' target @@ -606,25 +618,44 @@ check-types-only: mkdir-reports ## run typing validation .PHONY: check-css-only check-css-only: mkdir-reports @echo "Running CSS style checks..." - @npx stylelint \ - --config "$(APP_ROOT)/.stylelintrc.json" \ + @npx --no-install stylelint \ + --config "$(APP_ROOT)/package.json" \ --output-file "$(REPORTS_DIR)/fixed-css.txt" \ "$(APP_ROOT)/**/*.css" +.PHONY: check-css +check-css: install-npm-stylelint check-css-only ## check CSS linting after dependency installation + +# must pass 2 search paths because '/.' are somehow not correctly detected with only the top-level +.PHONY: check-md-only +check-md-only: mkdir-reports ## check Markdown linting + @echo "Running Markdown style checks..." + @npx --no-install remark \ + --inspect --frail \ + --silently-ignore \ + --stdout --color \ + --rc-path "$(APP_ROOT)/package.json" \ + --ignore-path "$(APP_ROOT)/.remarkignore" \ + "$(APP_ROOT)" "$(APP_ROOT)/.*/" \ + > "$(REPORTS_DIR)/check-md.txt" + +.PHONY: check-md +check-md: install-npm-remarklint check-md-only ## check Markdown linting after dependency installation + # autogen fix variants with pre-install of dependencies using the '-only' target references FIXES_EXCLUDE ?= FIXES_PYTHON := imports lint docf fstring -FIXES_NPM := css +FIXES_NPM := css md FIXES_PYTHON := $(filter-out $(FIXES_EXCLUDE),$(FIXES_PYTHON)) FIXES_NPM := $(filter-out $(FIXES_EXCLUDE),$(FIXES_NPM)) FIXES := $(FIXES_PYTHON) $(FIXES_NPM) FIXES := $(addprefix fix-, $(FIXES)) FIXES_PYTHON := $(addprefix fix-, $(FIXES_PYTHON)) -$(FIXES_PYTHON): fix-%: install-dev fix-%-only +$(FIXES_PYTHON): fix-%: install-dev-python fix-%-only FIXES_NPM := $(addprefix fix-, $(FIXES_NPM)) -$(FIXES_NPM): fix-%: install-npm fix-%-only +$(FIXES_NPM): fix-%: install-dev-npm fix-%-only .PHONY: fix fix: fix-all ## alias for 'fix-all' target @@ -672,27 +703,42 @@ fix-fstring-only: mkdir-reports ## fix code string formats substitutions to f-s 1> >(tee "$(REPORTS_DIR)/fixed-fstring.txt")' .PHONY: fix-css -fix-css: install-npm fix-css-only +fix-css: install-npm-stylelint fix-css-only .PHONY: fix-css-only fix-css-only: mkdir-reports ## fix CSS styles problems automatically @echo "Fixing CSS style problems..." - @npx stylelint \ + @npx --no-install stylelint \ --fix \ - --config "$(APP_ROOT)/.stylelintrc.json" \ + --config "$(APP_ROOT)/package.json" \ --output-file "$(REPORTS_DIR)/fixed-css.txt" \ "$(APP_ROOT)/**/*.css" +# must pass 2 search paths because '/.' are somehow not correctly detected with only the top-level +.PHONY: fix-md-only +fix-md-only: mkdir-reports ## fix Markdown linting problems automatically + @echo "Running Markdown style checks..." + @npx --no-install remark \ + --output --frail \ + --silently-ignore \ + --rc-path "$(APP_ROOT)/package.json" \ + --ignore-path "$(APP_ROOT)/.remarkignore" \ + "$(APP_ROOT)" "$(APP_ROOT)/.*/" \ + 2>&1 | tee "$(REPORTS_DIR)/fixed-md.txt" + +.PHONY: fix-md +fix-md: install-npm-remarklint fix-md-only ## fix Markdown linting problems after dependency installation + ## --- Test targets --- ## .PHONY: test test: test-all ## alias for 'test-all' target .PHONY: test-all -test-all: install-dev install test-only ## run all tests combinations +test-all: install-dev-python install test-only ## run all tests combinations .PHONY: test-all -test-all: install-dev install test-only ## run all tests combinations +test-all: install-dev-python install test-only ## run all tests combinations .PHONY: test-only test-only: ## run all tests, but without prior dependency check and installation @@ -700,28 +746,28 @@ test-only: ## run all tests, but without prior dependency check and installatio @bash -c '$(CONDA_CMD) pytest tests -vv --junitxml "$(APP_ROOT)/tests/results.xml"' .PHONY: test-api -test-api: install-dev install ## run only API tests with the environment Python +test-api: install-dev-python install ## run only API tests with the environment Python @echo "Running local tests..." @bash -c '$(CONDA_CMD) pytest tests -vv -m "api" --junitxml "$(APP_ROOT)/tests/results.xml"' .PHONY: test-cli -test-cli: install-dev install ## run only CLI tests with the environment Python +test-cli: install-dev-python install ## run only CLI tests with the environment Python @echo "Running local tests..." @bash -c '$(CONDA_CMD) pytest tests -vv -m "cli" --junitxml "$(APP_ROOT)/tests/results.xml"' .PHONY: test-geoserver -test-geoserver: install-dev install ## run Geoserver requests tests against a configured Geoserver instance. Most of these tests are "online" tests +test-geoserver: install-dev-python install ## run Geoserver requests tests against a configured Geoserver instance. Most of these tests are "online" tests @echo "Running local tests..." @bash -c '$(CONDA_CMD) pytest tests -vv -m "geoserver" --junitxml "$(APP_ROOT)/tests/results.xml"' .PHONY: test-magpie -test-magpie: install-dev install ## run Magpie requests tests against a configured Magpie instance. Most of these tests are "online" tests +test-magpie: install-dev-python install ## run Magpie requests tests against a configured Magpie instance. Most of these tests are "online" tests @echo "Running local tests..." @bash -c '$(CONDA_CMD) pytest tests -vv -m "magpie" --junitxml "$(APP_ROOT)/tests/results.xml"' .PHONY: test-custom -test-custom: install-dev install ## run custom marker tests using SPEC="" +test-custom: install-dev-python install ## run custom marker tests using SPEC="" @echo "Running custom tests..." @[ "${SPEC}" ] || ( echo ">> 'TESTS' is not set"; exit 1 ) @bash -c '$(CONDA_CMD) pytest tests -vv -m "${SPEC}" --junitxml "$(APP_ROOT)/tests/results.xml"' @@ -733,7 +779,7 @@ test-docker: docker-test ## alias for 'docker-test' target [WARNING: could bui COVERAGE_FILE := $(APP_ROOT)/.coverage COVERAGE_HTML_DIR := $(REPORTS_DIR)/coverage COVERAGE_HTML_IDX := $(COVERAGE_HTML_DIR)/index.html -$(COVERAGE_FILE): install-dev +$(COVERAGE_FILE): install-dev-python @echo "Running coverage analysis..." @bash -c '$(CONDA_CMD) coverage run --source "$(APP_ROOT)/$(APP_NAME)" \ `which pytest` tests -m "not remote" || true' @@ -743,7 +789,7 @@ $(COVERAGE_FILE): install-dev @-echo "Coverage report available: file://$(COVERAGE_HTML_IDX)" .PHONY: coverage -coverage: install-dev install $(COVERAGE_FILE) ## check code coverage and generate an analysis report +coverage: install-dev-python install $(COVERAGE_FILE) ## check code coverage and generate an analysis report .PHONY: coverage-show coverage-show: $(COVERAGE_HTML_IDX) ## display HTML webpage of generated coverage report (run coverage if missing) diff --git a/cowbird/monitoring/monitor.py b/cowbird/monitoring/monitor.py index 15e56551..5b941662 100644 --- a/cowbird/monitoring/monitor.py +++ b/cowbird/monitoring/monitor.py @@ -170,7 +170,7 @@ def stop(self) -> None: self.__event_observer.join() self.__event_observer = None - def on_moved(self, event: Union[DirMovedEvent, FileMovedEvent]) -> None: + def on_moved(self, event: Union[DirMovedEvent, FileMovedEvent]) -> None: # type: ignore[override] """ Called when a file or a directory is moved or renamed. @@ -186,7 +186,7 @@ def on_moved(self, event: Union[DirMovedEvent, FileMovedEvent]) -> None: os.path.dirname(self.__src_path): self.__callback.on_created(event.dest_path) - def on_created(self, event: Union[DirCreatedEvent, FileCreatedEvent]) -> None: + def on_created(self, event: Union[DirCreatedEvent, FileCreatedEvent]) -> None: # type: ignore[override] """ Called when a file or directory is created. @@ -194,7 +194,7 @@ def on_created(self, event: Union[DirCreatedEvent, FileCreatedEvent]) -> None: """ self.__callback.on_created(event.src_path) - def on_deleted(self, event: Union[DirDeletedEvent, FileDeletedEvent]) -> None: + def on_deleted(self, event: Union[DirDeletedEvent, FileDeletedEvent]) -> None: # type: ignore[override] """ Called when a file or directory is deleted. @@ -202,7 +202,7 @@ def on_deleted(self, event: Union[DirDeletedEvent, FileDeletedEvent]) -> None: """ self.__callback.on_deleted(event.src_path) - def on_modified(self, event: Union[DirModifiedEvent, FileModifiedEvent]) -> None: + def on_modified(self, event: Union[DirModifiedEvent, FileModifiedEvent]) -> None: # type: ignore[override] """ Called when a file or directory is modified. diff --git a/cowbird/permissions_synchronizer.py b/cowbird/permissions_synchronizer.py index 6e428b90..60f2e58e 100644 --- a/cowbird/permissions_synchronizer.py +++ b/cowbird/permissions_synchronizer.py @@ -525,10 +525,13 @@ def _get_permission_data(self, .. code-block:: json - { : { - "res_path": [], - "permissions": { : [user, grp], ...}}, - ... + { + "": { + "res_path": [""], + "permissions": { + "": [{"user": "...", "group": "..."}] + } + } } """ permission_data: PermissionData = {} diff --git a/cowbird/typedefs.py b/cowbird/typedefs.py index 1699caae..de13177b 100644 --- a/cowbird/typedefs.py +++ b/cowbird/typedefs.py @@ -58,7 +58,7 @@ ParamsType = Dict[str, Any] CookiesType = Union[Dict[str, str], List[Tuple[str, str]]] HeadersType = Union[Dict[str, str], List[Tuple[str, str]]] -AnyHeadersType = Union[HeadersType, ResponseHeaders, EnvironHeaders, CaseInsensitiveDict] +AnyHeadersType = Union[HeadersType, ResponseHeaders, EnvironHeaders, CaseInsensitiveDict] # type: ignore[type-arg] AnyCookiesType = Union[CookiesType, RequestsCookieJar] AnyResponseType = Union[WebobResponse, PyramidResponse, RequestsResponse, HTTPException, TestResponseType] diff --git a/docker/Dockerfile-base b/docker/Dockerfile-base index e2b126ab..7907c4e7 100644 --- a/docker/Dockerfile-base +++ b/docker/Dockerfile-base @@ -1,4 +1,4 @@ -FROM python:3.10-alpine +FROM python:3.11-alpine3.19 LABEL description.short="Cowbird base" LABEL description.long="Cowbird middleware to manage interactions between various birds of the bird-house stack." LABEL Maintainer="Ouranos, CRIM" diff --git a/docker/hooks/README.md b/docker/hooks/README.md index 75d7507c..89bbba27 100644 --- a/docker/hooks/README.md +++ b/docker/hooks/README.md @@ -1,4 +1,4 @@ Files placed in this directory are for additional/override DockerHub auto-build hook procedures. -see: https://docs.docker.com/docker-hub/builds/advanced/ +see: [https://docs.docker.com/docker-hub/builds/advanced/](https://docs.docker.com/docker-hub/builds/advanced/) Hook directory must be placed as sibling to the referenced Dockerfile location in the automated build configuration. diff --git a/docs/conf.py b/docs/conf.py index 3838f124..24847aaf 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -150,12 +150,13 @@ def doc_redirect_include(file_path): "https://github.com/Ouranosinc/cowbird/*", # limit only Cowbird so others are still checked # ignore private links "https://github.com/Ouranosinc/PAVICS/*", - "CHANGES.rst", + ".*CHANGES.rst.*", "AUTHORS.rst", r"docs/\w+.rst", ] linkcheck_anchors_ignore = [ - r".*issuecomment.*" # github issue comment anchors not resolved + r".*issuecomment.*", # GitHub issue comment anchors not resolved + r".*CHANGES.rst.*", # GitHub anchor to specific changelog version ] linkcheck_anchors_ignore_for_url = [ diff --git a/package.json b/package.json new file mode 100644 index 00000000..f805786a --- /dev/null +++ b/package.json @@ -0,0 +1,77 @@ +{ + "devDependencies": { + "remark-cli": "^12.0.0", + "remark-frontmatter": "^5.0.0", + "remark-gfm": "^4.0.0", + "remark-lint": "^9.1.2", + "remark-lint-checkbox-content-indent": "^4.1.2", + "remark-lint-maximum-line-length": "^3.1.3", + "remark-preset-lint-markdown-style-guide": "^5.1.3", + "remark-preset-lint-recommended": "^6.1.3", + "stylelint": "^15.11.0", + "stylelint-config-standard": "^34.0.0", + "stylelint-scss": "^5.3.2", + "stylelint-csstree-validator": "^3.0.0" + }, + "remarkConfig": { + "settings": { + "bullet": "-", + "fence": "`", + "fences": "true", + "listItemIndent": "mixed", + "incrementListMarker": "true", + "resourceLink": "true", + "rule": "-" + }, + "plugins": [ + "remark-gfm", + "remark-frontmatter", + "remark-preset-lint-markdown-style-guide", + "remark-preset-lint-recommended", + "remark-lint-list-item-content-indent", + "remark-lint-checkbox-content-indent", + [ + "lint-fenced-code-marker", + "`" + ], + [ + "lint-list-item-indent", + "mixed" + ], + [ + "lint-maximum-line-length", + 120 + ], + [ + "lint-ordered-list-marker-style", + "." + ], + [ + "lint-ordered-list-marker-value", + "ordered" + ], + [ + "lint-unordered-list-marker-style", + "consistent" + ] + ] + }, + "stylelint": { + "extends": "stylelint-config-standard", + "ignoreFiles": [ + "docs/_build/**", + "docs/build/**" + ], + "rules": { + "block-no-empty": null, + "color-no-invalid-hex": true, + "color-hex-case": "upper", + "color-hex-length": "long", + "indentation": [ + 4 + ], + "property-no-vendor-prefix": null, + "no-descending-specificity": null + } + } +} diff --git a/requirements-doc.txt b/requirements-doc.txt index 8bcbd333..f7b6f1fc 100644 --- a/requirements-doc.txt +++ b/requirements-doc.txt @@ -5,10 +5,10 @@ -r requirements.txt # these are doc-only requirements astroid>=2.11.0,<3 -jinja2<3.1 # Avoid jinja2 3.1 version, which breaks with sphinx 3.X (https://github.com/sphinx-doc/sphinx/issues/10291) +jinja2>=3.1.4,<3.2 # pyup: ignore # all versions flagged, no fix possible! sphinx-autoapi>=2.1.0 sphinx-paramlinks>=0.4.1 -sphinx==7.1 +sphinx>=7.1,<8 sphinxcontrib-redoc>=1.6.0 -sphinx_autodoc_typehints[type-comment]>=1.19.3,<1.23.1 +sphinx_autodoc_typehints[type-comment]>=1.25 sphinx_rtd_theme diff --git a/requirements.txt b/requirements.txt index 71115690..8925940e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,9 +5,8 @@ cornice>=5 cornice_swagger>=0.7.0 dicttoxml>=1.7.16 # flag --paste breaks for >20 unless using pserve -gunicorn<20; python_version < "3.5" # pyup: ignore gunicorn>=20 -magpie @ git+https://github.com/Ouranosinc/Magpie@3.34.0 +magpie @ git+https://github.com/Ouranosinc/Magpie@4.0.0 paste pastedeploy pymongo[srv]>=4.4,<5 # required to work with pinned celery @@ -22,6 +21,6 @@ schema simplejson threddsclient==0.4.4 typing_extensions -watchdog +watchdog>=4 webob tornado>=6.4.1 # not directly required, pinned by Snyk to avoid a vulnerability