Update (most) Python deps

CHANGES.rst

@@ -7,6 +7,19 @@ Version 3.2.1
 
 *Unreleased*
 
+Security fixes
+^^^^^^^^^^^^^^
+
+- Update `cryptography <https://pypi.org/project/cryptography/>`_ library due to
+  vulnerabilities in OpenSSL (CVE-2022-3602, CVE-2022-3786)
+
+.. note::
+
+    We do not think that Indico is affected by those vulnerabilities as it does
+    not use the *cryptography* library itself, and the dependency that uses it
+    is only used during SSO (OAuth) logins and most likely in a way that is not
+    vulnerable. It is nonetheless recommended to update as soon as possible.
+
 Internationalization
 ^^^^^^^^^^^^^^^^^^^^
 

requirements.dev.txt

@@ -23,7 +23,7 @@ babel==2.10.3
     # via
     #   -c requirements.txt
     #   sphinx
-build==0.8.0
+build==0.9.0
     # via pip-tools
 certifi==2022.9.24
     # via
@@ -40,9 +40,9 @@ click==8.1.3
     #   flask-url-map-serializer
     #   pip-tools
     #   pyquotes
-colorama==0.4.5
+colorama==0.4.6
     # via sphinx-autobuild
-coverage[toml]==6.4.4
+coverage[toml]==6.5.0
     # via pytest-cov
 deprecated==1.2.13
     # via
@@ -53,6 +53,8 @@ docutils==0.17.1
     #   plantweb
     #   sphinx
     #   sphinx-rtd-theme
+exceptiongroup==1.0.1
+    # via pytest
 flake8==5.0.4
     # via
     #   -r requirements.dev.in
@@ -67,7 +69,7 @@ flask-url-map-serializer==0.0.1
     # via -r requirements.dev.in
 freezegun==1.2.2
     # via -r requirements.dev.in
-greenlet==1.1.3
+greenlet==2.0.1
     # via
     #   -c requirements.txt
     #   sqlalchemy
@@ -81,7 +83,7 @@ idna==3.4
     #   requests
 imagesize==1.4.1
     # via sphinx
-importlib-metadata==4.12.0
+importlib-metadata==5.0.0
     # via
     #   -c requirements.txt
     #   flask
@@ -126,18 +128,16 @@ parso==0.8.3
     #   pyquotes
 pep517==0.13.0
     # via build
-pip-tools==6.8.0
+pip-tools==6.9.0
     # via -r requirements.dev.in
 plantweb==1.2.1
     # via -r requirements.dev.in
 pluggy==1.0.0
     # via pytest
 port-for==0.6.2
     # via pytest-redis
-psutil==5.9.2
+psutil==5.9.4
     # via mirakuru
-py==1.11.0
-    # via pytest
 pycodestyle==2.9.1
     # via flake8
 pyflakes==2.5.0
@@ -153,7 +153,7 @@ pyparsing==3.0.9
     #   packaging
 pyquotes==1.0.0
     # via -r requirements.dev.in
-pytest==7.1.3
+pytest==7.2.0
     # via
     #   -r requirements.dev.in
     #   pytest-cov
@@ -164,7 +164,7 @@ pytest-cov==4.0.0
     # via -r requirements.dev.in
 pytest-localserver[smtp]==0.7.0
     # via -r requirements.dev.in
-pytest-mock==3.9.0
+pytest-mock==3.10.0
     # via -r requirements.dev.in
 pytest-redis==2.4.0
     # via -r requirements.dev.in
@@ -174,11 +174,11 @@ python-dateutil==2.8.2
     # via
     #   -c requirements.txt
     #   freezegun
-pytz==2022.2.1
+pytz==2022.6
     # via
     #   -c requirements.txt
     #   babel
-pyupgrade==2.38.2
+pyupgrade==3.2.0
     # via -r requirements.dev.in
 pywatchman==1.4.1 ; python_version < "3.10"
     # via -r requirements.dev.in
@@ -203,7 +203,7 @@ six==1.16.0
     #   sqlbag
 snowballstemmer==2.2.0
     # via sphinx
-sphinx==5.2.2
+sphinx==5.3.0
     # via
     #   -r requirements.dev.in
     #   sphinx-autobuild
@@ -213,7 +213,7 @@ sphinx-autobuild==2021.3.14
     # via -r requirements.dev.in
 sphinx-issues==3.0.1
     # via -r requirements.dev.in
-sphinx-rtd-theme==1.0.0
+sphinx-rtd-theme==1.1.1
     # via -r requirements.dev.in
 sphinxcontrib-applehelp==1.0.2
     # via sphinx
@@ -227,7 +227,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-sqlalchemy==1.4.41
+sqlalchemy==1.4.43
     # via
     #   -c requirements.txt
     #   schemainspect
@@ -236,7 +236,7 @@ sqlbag==0.1.1617247075
     # via migra
 sqlparse==0.4.3
     # via -r requirements.dev.in
-tokenize-rt==4.2.1
+tokenize-rt==5.0.0
     # via pyupgrade
 tomli==2.0.1
     # via
@@ -255,13 +255,13 @@ werkzeug==2.2.2
     #   -c requirements.txt
     #   flask
     #   pytest-localserver
-wheel==0.37.1
+wheel==0.38.3
     # via pip-tools
 wrapt==1.14.1
     # via
     #   -c requirements.txt
     #   deprecated
-zipp==3.8.1
+zipp==3.10.0
     # via
     #   -c requirements.txt
     #   importlib-metadata

requirements.in

@@ -1,6 +1,6 @@
 alembic
 authlib
-babel
+babel<2.11  # big update, not right before a release
 bcrypt
 bleach[css]
 blinker
@@ -19,12 +19,12 @@ flask-marshmallow
 flask-migrate
 flask-multipass
 flask-pluginengine
-flask-sqlalchemy
+flask-sqlalchemy<3  # separate PR: https://github.com/indico/indico/pull/5522
 flask-webpackext
 flask-wtf
 flask
 html2text
-icalendar
+icalendar<5  # major update, not right before a release
 indico-fonts
 ipython
 itsdangerous

requirements.txt

@@ -10,7 +10,7 @@ alembic==1.8.1
     #   flask-migrate
 amqp==5.1.1
     # via kombu
-asttokens==2.0.8
+asttokens==2.1.0
     # via
     #   sentry-sdk
     #   stack-data
@@ -26,7 +26,7 @@ babel==2.10.3
     #   flask-babel
 backcall==0.2.0
     # via ipython
-bcrypt==4.0.0
+bcrypt==4.0.1
     # via -r requirements.in
 billiard==3.6.4.0
     # via celery
@@ -73,23 +73,23 @@ colorclass==2.2.2
     # via -r requirements.in
 commonmark==0.9.1
     # via rich
-cryptography==38.0.1
+cryptography==38.0.3
     # via authlib
 decorator==5.1.1
     # via ipython
 deprecated==1.2.13
     # via
     #   limits
     #   redis
-distro==1.7.0
+distro==1.8.0
     # via -r requirements.in
 dnspython==2.2.1
     # via email-validator
 email-validator==1.2.1
     # via
     #   -r requirements.in
     #   wtforms
-executing==1.1.0
+executing==1.2.0
     # via
     #   sentry-sdk
     #   stack-data
@@ -113,7 +113,7 @@ flask-babel==2.0.0
     # via -r requirements.in
 flask-caching==2.0.1
     # via -r requirements.in
-flask-limiter==2.6.3
+flask-limiter==2.7.0
     # via -r requirements.in
 flask-marshmallow==0.14.0
     # via -r requirements.in
@@ -131,7 +131,7 @@ flask-webpackext==1.0.2
     # via -r requirements.in
 flask-wtf==1.0.1
     # via -r requirements.in
-greenlet==1.1.3
+greenlet==2.0.1
     # via sqlalchemy
 hiredis==2.0.0
     # via redis
@@ -145,13 +145,13 @@ idna==3.4
     # via
     #   email-validator
     #   requests
-importlib-metadata==4.12.0
+importlib-metadata==5.0.0
     # via
     #   flask
     #   markdown
 indico-fonts==1.1
     # via -r requirements.in
-ipython==8.5.0
+ipython==8.6.0
     # via -r requirements.in
 itsdangerous==2.1.2
     # via
@@ -166,11 +166,11 @@ jinja2==3.1.2
     #   flask
     #   flask-babel
     #   flask-pluginengine
-jsonschema==4.16.0
+jsonschema==4.17.0
     # via -r requirements.in
 kombu==5.2.4
     # via celery
-limits==2.7.0
+limits==2.7.1
     # via flask-limiter
 lxml[html5]==4.9.1
     # via
@@ -196,7 +196,7 @@ marshmallow==3.18.0
     #   marshmallow-oneofschema
     #   marshmallow-sqlalchemy
     #   webargs
-marshmallow-dataclass[enum]==8.5.8
+marshmallow-dataclass[enum]==8.5.9
     # via -r requirements.in
 marshmallow-enum==1.5.1
     # via
@@ -226,17 +226,17 @@ pexpect==4.8.0
     # via ipython
 pickleshare==0.7.5
     # via ipython
-pillow==9.2.0
+pillow==9.3.0
     # via
     #   -r requirements.in
     #   captcha
     #   reportlab
-prompt-toolkit==3.0.31
+prompt-toolkit==3.0.32
     # via
     #   -r requirements.in
     #   click-repl
     #   ipython
-psycopg2==2.9.3
+psycopg2==2.9.5
     # via -r requirements.in
 ptyprocess==0.7.0
     # via pexpect
@@ -259,17 +259,17 @@ pynpm==0.1.2
     #   pywebpack
 pyparsing==3.0.9
     # via packaging
-pypdf2==2.11.0
+pypdf2==2.11.1
     # via -r requirements.in
-pyrsistent==0.18.1
+pyrsistent==0.19.2
     # via jsonschema
 python-dateutil==2.8.2
     # via
     #   -r requirements.in
     #   feedgen
     #   icalendar
     #   wtforms-dateutil
-pytz==2022.2.1
+pytz==2022.6
     # via
     #   -r requirements.in
     #   babel
@@ -288,13 +288,13 @@ redis[hiredis]==4.3.4
     # via
     #   -r requirements.in
     #   celery
-reportlab==3.6.11
+reportlab==3.6.12
     # via -r requirements.in
 requests==2.28.1
     # via -r requirements.in
-rich==12.5.1
+rich==12.6.0
     # via flask-limiter
-sentry-sdk[celery,flask,pure_eval,sqlalchemy]==1.9.9
+sentry-sdk[celery,flask,pure_eval,sqlalchemy]==1.10.1
     # via -r requirements.in
 simplejson==3.17.6
     # via -r requirements.in
@@ -308,27 +308,27 @@ six==1.16.0
     #   python-dateutil
 speaklater==1.3
     # via -r requirements.in
-sqlalchemy==1.4.41
+sqlalchemy==1.4.43
     # via
     #   -r requirements.in
     #   alembic
     #   flask-sqlalchemy
     #   marshmallow-sqlalchemy
     #   sentry-sdk
     #   wtforms-sqlalchemy
-stack-data==0.5.1
+stack-data==0.6.0
     # via ipython
 terminaltables==3.1.10
     # via -r requirements.in
 tinycss2==1.1.1
     # via bleach
-traitlets==5.4.0
+traitlets==5.5.0
     # via
     #   ipython
     #   matplotlib-inline
 translitcodec==0.7.0
     # via -r requirements.in
-typing-extensions==4.3.0
+typing-extensions==4.4.0
     # via
     #   flask-limiter
     #   limits
@@ -374,7 +374,7 @@ wtforms-sqlalchemy==0.3
     # via -r requirements.in
 xlsxwriter==3.0.3
     # via -r requirements.in
-zipp==3.8.1
+zipp==3.10.0
     # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file: