Updates addressing tornado and aiohttp security vulnerabilities in st…

…reamlit requirements.txt and dev.txt
nimh-dsst · Dec 12, 2024 · cc150dc · cc150dc
1 parent 4764a63
commit cc150dc
Show file tree

Hide file tree

Showing 3 changed files with 124 additions and 98 deletions.
diff --git a/presentations/streamlit-demo/dev.txt b/presentations/streamlit-demo/dev.txt
@@ -6,26 +6,27 @@
 #
 aiobotocore==2.15.2
     # via s3fs
-aiohappyeyeballs==2.4.3
+aiohappyeyeballs==2.4.4
     # via aiohttp
-aiohttp==3.10.10
+aiohttp==3.11.10
     # via
+    #   -r ./requirements.in
     #   aiobotocore
     #   nwbinspector
     #   s3fs
 aioitertools==0.12.0
     # via aiobotocore
 aiosignal==1.3.1
     # via aiohttp
-altair==5.4.1
+altair==5.5.0
     # via streamlit
 annotated-types==0.7.0
     # via pydantic
 arrow==1.3.0
     # via isoduration
 asciitree==0.3.3
     # via zarr
-asttokens==2.4.1
+asttokens==3.0.0
     # via stack-data
 attrs==24.2.0
     # via
@@ -40,7 +41,7 @@ black==24.10.0
     # via -r dev.in
 blessed==1.20.0
     # via pyout
-blinker==1.8.2
+blinker==1.9.0
     # via streamlit
 botocore==1.35.36
     # via aiobotocore
@@ -66,11 +67,11 @@ click==8.1.7
     #   zarr-checksum
 click-didyoumean==0.3.1
     # via dandi
-contourpy==1.3.0
+contourpy==1.3.1
     # via matplotlib
 cycler==0.12.1
     # via matplotlib
-dandi==0.63.1
+dandi==0.66.1
     # via -r ./requirements.in
 dandischema==0.10.4
     # via dandi
@@ -90,17 +91,17 @@ fasteners==0.19
     #   zarr
 flake8==7.1.1
     # via -r dev.in
-fonttools==4.54.1
+fonttools==4.55.3
     # via matplotlib
 fqdn==1.5.1
     # via jsonschema
-frozenlist==1.4.1
+frozenlist==1.5.0
     # via
     #   aiohttp
     #   aiosignal
-fscacher==0.4.1
+fscacher==0.4.3
     # via dandi
-fsspec==2024.9.0
+fsspec==2024.10.0
     # via
     #   nwbinspector
     #   s3fs
@@ -115,7 +116,10 @@ h5py==3.12.1
 hdmf==3.14.5
     # via
     #   dandi
+    #   hdmf-zarr
     #   pynwb
+hdmf-zarr==0.9.0
+    # via nwbinspector
 humanize==4.11.0
     # via dandi
 idna==3.10
@@ -126,9 +130,9 @@ idna==3.10
     #   yarl
 importlib-metadata==8.5.0
     # via keyring
-interleave==0.2.1
+interleave==0.2.2
     # via dandi
-ipython==8.28.0
+ipython==8.30.0
     # via -r dev.in
 isodate==0.7.2
     # via nwbinspector
@@ -146,7 +150,7 @@ jaraco-context==6.0.1
     #   keyrings-alt
 jaraco-functools==4.1.0
     # via keyring
-jedi==0.19.1
+jedi==0.19.2
     # via ipython
 jinja2==3.1.4
     # via
@@ -169,17 +173,17 @@ jsonschema[format]==4.23.0
     #   pyout
 jsonschema-specifications==2024.10.1
     # via jsonschema
-keyring==25.4.1
+keyring==25.5.0
     # via dandi
 keyrings-alt==5.0.2
     # via dandi
 kiwisolver==1.4.7
     # via matplotlib
 markdown-it-py==3.0.0
     # via rich
-markupsafe==3.0.1
+markupsafe==3.0.2
     # via jinja2
-matplotlib==3.9.2
+matplotlib==3.9.3
     # via -r ./requirements.in
 matplotlib-inline==0.1.7
     # via ipython
@@ -195,37 +199,38 @@ multidict==6.1.0
     # via
     #   aiohttp
     #   yarl
-mypy==1.11.2
+mypy==1.13.0
     # via -r dev.in
 mypy-extensions==1.0.0
     # via
     #   black
     #   mypy
-narwhals==1.9.3
+narwhals==1.17.0
     # via altair
 natsort==8.4.0
     # via nwbinspector
-numcodecs==0.13.1
-    # via zarr
-numpy==2.1.2
+numcodecs==0.14.1
+    # via
+    #   hdmf-zarr
+    #   zarr
+numpy==2.2.0
     # via
     #   contourpy
     #   h5py
     #   hdmf
+    #   hdmf-zarr
     #   matplotlib
     #   numcodecs
-    #   nwbinspector
     #   pandas
     #   pandas-stubs
-    #   pyarrow
     #   pydeck
     #   pynwb
     #   scipy
     #   streamlit
     #   zarr
-nwbinspector==0.4.37
+nwbinspector==0.6.1
     # via dandi
-packaging==24.1
+packaging==24.2
     # via
     #   altair
     #   black
@@ -240,15 +245,15 @@ pandas==2.2.3
     #   hdmf
     #   pynwb
     #   streamlit
-pandas-stubs==2.2.3.241009
+pandas-stubs==2.2.3.241126
     # via -r dev.in
 parso==0.8.4
     # via jedi
 pathspec==0.12.1
     # via black
 pexpect==4.9.0
     # via ipython
-pillow==10.4.0
+pillow==11.0.0
     # via
     #   matplotlib
     #   streamlit
@@ -261,25 +266,27 @@ platformdirs==4.3.6
     #   fscacher
 prompt-toolkit==3.0.48
     # via ipython
-propcache==0.2.0
-    # via yarl
-protobuf==5.28.2
+propcache==0.2.1
+    # via
+    #   aiohttp
+    #   yarl
+protobuf==5.29.1
     # via streamlit
 ptyprocess==0.7.0
     # via pexpect
 pure-eval==0.2.3
     # via stack-data
-pyarrow==17.0.0
+pyarrow==18.1.0
     # via streamlit
 pycodestyle==2.12.1
     # via flake8
 pycryptodomex==3.21.0
     # via dandi
-pydantic[email]==2.9.2
+pydantic[email]==2.10.3
     # via
     #   dandi
     #   dandischema
-pydantic-core==2.23.4
+pydantic-core==2.27.1
     # via pydantic
 pydeck==0.9.1
     # via streamlit
@@ -289,13 +296,14 @@ pygments==2.18.0
     # via
     #   ipython
     #   rich
-pynwb==2.8.2
+pynwb==2.8.3
     # via
     #   dandi
+    #   hdmf-zarr
     #   nwbinspector
 pyout==0.7.3
     # via dandi
-pyparsing==3.1.4
+pyparsing==3.2.0
     # via matplotlib
 pyproject-hooks==1.2.0
     # via
@@ -330,53 +338,54 @@ rfc3339-validator==0.1.4
     # via jsonschema
 rfc3987==1.3.8
     # via jsonschema
-rich==13.9.2
+rich==13.9.4
     # via streamlit
-rpds-py==0.20.0
+rpds-py==0.22.3
     # via
     #   jsonschema
     #   referencing
 ruamel-yaml==0.18.6
     # via
     #   dandi
     #   hdmf
-ruamel-yaml-clib==0.2.8
+ruamel-yaml-clib==0.2.12
     # via ruamel-yaml
-s3fs==2024.9.0
+s3fs==2024.10.0
     # via nwbinspector
 scipy==1.14.1
     # via hdmf
 semantic-version==2.10.0
     # via dandi
-six==1.16.0
+six==1.17.0
     # via
-    #   asttokens
     #   blessed
     #   python-dateutil
     #   rfc3339-validator
 smmap==5.0.1
     # via gitdb
 stack-data==0.6.3
     # via ipython
-streamlit==1.39.0
+streamlit==1.41.0
     # via -r ./requirements.in
 tenacity==9.0.0
     # via
     #   dandi
     #   streamlit
+threadpoolctl==3.5.0
+    # via hdmf-zarr
 toml==0.10.2
     # via streamlit
-tornado==6.4.1
+tornado==6.4.2
     # via streamlit
-tqdm==4.66.5
+tqdm==4.67.1
     # via
     #   nwbinspector
     #   zarr-checksum
 traitlets==5.14.3
     # via
     #   ipython
     #   matplotlib-inline
-types-python-dateutil==2.9.0.20241003
+types-python-dateutil==2.9.0.20241206
     # via arrow
 types-pytz==2024.2.0.20241003
     # via pandas-stubs
@@ -395,30 +404,33 @@ uri-template==1.3.0
 urllib3==2.2.3
     # via
     #   botocore
+    #   dandi
     #   requests
-watchdog==5.0.3
+watchdog==6.0.0
     # via -r dev.in
 wcwidth==0.2.13
     # via
     #   blessed
     #   prompt-toolkit
-webcolors==24.8.0
+webcolors==24.11.1
     # via jsonschema
-wheel==0.44.0
+wheel==0.45.1
     # via pip-tools
-wrapt==1.16.0
+wrapt==1.17.0
     # via aiobotocore
-yarl==1.14.0
+yarl==1.18.3
     # via
     #   aiohttp
     #   dandi
 zarr==2.18.3
-    # via dandi
+    # via
+    #   dandi
+    #   hdmf-zarr
 zarr-checksum==0.4.2
     # via
     #   dandi
     #   dandischema
-zipp==3.20.2
+zipp==3.21.0
     # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:

diff --git a/presentations/streamlit-demo/requirements.in b/presentations/streamlit-demo/requirements.in
@@ -1,3 +1,4 @@
 streamlit
 dandi
 matplotlib
+aiohttp>=3.10.11