Merge pull request #216 from open-zaak/issue/security-updates

⬆️ [maykinmedia/open-api-framework#93] Security updates
open-zaak · Jan 16, 2025 · 2528adf · 2528adf
2 parents e3970a2 + 25b206c
commit 2528adf
Show file tree

Hide file tree

Showing 10 changed files with 645 additions and 358 deletions.
diff --git a/bin/compile_dependencies.bat b/bin/compile_dependencies.bat
diff --git a/bin/compile_dependencies.cmd b/bin/compile_dependencies.cmd
diff --git a/bin/compile_dependencies.sh b/bin/compile_dependencies.sh
@@ -1,45 +1,38 @@
-#!/bin/bash
-
+#!/bin/sh
 #
 # Compile the dependencies for production, CI and development.
 #
 # Usage, in the root of the project:
 #
 #     ./bin/compile_dependencies.sh
 #
-# Any extra flags/arguments passed to this wrapper script are passed down to pip-compile.
+# Any extra flags/arguments passed to this wrapper script are passed down to uv pip compile.
 # E.g. to update a package:
 #
 #     ./bin/compile_dependencies.sh --upgrade-package django
-
 set -ex
 
-toplevel=$(git rev-parse --show-toplevel)
+command -v uv || (echo "uv not found on PATH. Install it https://astral.sh/uv" >&2 && exit 1)
 
-cd $toplevel
+root_dir=$(git rev-parse --show-toplevel)
 
-export CUSTOM_COMPILE_COMMAND="./bin/compile_dependencies.sh"
+export UV_CUSTOM_COMPILE_COMMAND="./bin/compile_dependencies.sh"
 
 # Base (& prod) deps
-pip-compile \
-    --no-emit-index-url \
+uv pip compile \
+    --output-file "$root_dir/requirements/base.txt" \
     "$@" \
-    requirements/base.in
+    "$root_dir/requirements/base.in"
 
-# Dependencies for ci
-pip-compile \
-    --no-emit-index-url \
-    --output-file requirements/ci.txt \
+# Dependencies for testing
+uv pip compile \
+    --output-file "$root_dir/requirements/ci.txt" \
     "$@" \
-    requirements/base.txt \
-    requirements/test-tools.in \
-    requirements/ci.in
+    "$root_dir/requirements/test-tools.in" \
+    "$root_dir/requirements/docs.in"
 
-# Dependencies for development
-pip-compile \
-    --no-emit-index-url \
-    --output-file requirements/dev.txt \
+# Dev depedencies - exact same set as CI + some extra tooling
+uv pip compile \
+    --output-file "$root_dir/requirements/dev.txt" \
     "$@" \
-    requirements/base.txt \
-    requirements/test-tools.in \
-    requirements/dev.in
+    "$root_dir/requirements/dev.in"
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -1,9 +1,5 @@
-#
-# This file is autogenerated by pip-compile with Python 3.11
-# by the following command:
-#
+# This file was autogenerated by uv via the following command:
 #    ./bin/compile_dependencies.sh
-#
 amqp==5.2.0
     # via kombu
 annotated-types==0.7.0
@@ -62,7 +58,7 @@ click-plugins==1.1.1
     # via celery
 click-repl==0.3.0
     # via celery
-commonground-api-common[setup-configuration]==2.2.0
+commonground-api-common==2.2.0
     # via
     #   -r requirements/base.in
     #   open-api-framework
@@ -77,7 +73,7 @@ cryptography==43.0.0
     #   mozilla-django-oidc
     #   pyopenssl
     #   webauthn
-django==4.2.15
+django==4.2.17
     # via
     #   commonground-api-common
     #   django-admin-index
@@ -173,7 +169,7 @@ django-solo==2.3.0
     #   mozilla-django-oidc-db
     #   notifications-api-common
     #   zgw-consumers
-django-two-factor-auth[phonenumberslite,webauthn]==1.16.0
+django-two-factor-auth==1.16.0
     # via maykin-2fa
 djangorestframework==3.15.2
     # via
@@ -195,10 +191,8 @@ djangorestframework-inclusions==1.2.0
     # via open-api-framework
 drf-nested-routers==0.94.1
     # via commonground-api-common
-drf-spectacular[sidecar]==0.27.2
-    # via
-    #   drf-spectacular
-    #   open-api-framework
+drf-spectacular==0.27.2
+    # via open-api-framework
 drf-spectacular-sidecar==2024.7.1
     # via drf-spectacular
 drf-yasg==1.21.7
@@ -232,7 +226,7 @@ isodate==0.6.1
     # via commonground-api-common
 itypes==1.2.0
     # via coreapi
-jinja2==3.1.4
+jinja2==3.1.5
     # via coreschema
 josepy==1.14.0
     # via mozilla-django-oidc
@@ -250,15 +244,15 @@ maykin-2fa==1.0.1
     # via open-api-framework
 mozilla-django-oidc==4.0.1
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db[setup-configuration]==0.21.1
+mozilla-django-oidc-db==0.21.1
     # via
     #   -r requirements/base.in
     #   open-api-framework
-notifications-api-common[setup-configuration]==0.4.0
+notifications-api-common==0.4.0
     # via
     #   -r requirements/base.in
     #   commonground-api-common
-open-api-framework==0.9.1
+open-api-framework==0.9.2
     # via -r requirements/base.in
 orderedmultidict==1.0.1
     # via furl
@@ -282,10 +276,8 @@ pydantic==2.10.2
     #   pydantic-settings
 pydantic-core==2.27.1
     # via pydantic
-pydantic-settings[yaml]==2.6.1
-    # via
-    #   django-setup-configuration
-    #   pydantic-settings
+pydantic-settings==2.6.1
+    # via django-setup-configuration
 pyjwt==2.9.0
     # via
     #   commonground-api-common
@@ -353,7 +345,7 @@ six==1.16.0
     #   python-dateutil
 sqlparse==0.5.1
     # via django
-tornado==6.4.1
+tornado==6.4.2
     # via flower
 typing-extensions==4.12.2
     # via
@@ -389,7 +381,7 @@ webencodings==0.5.1
     # via bleach
 wrapt==1.16.0
     # via elastic-apm
-zgw-consumers[setup-configuration]==0.36.0
+zgw-consumers==0.36.0
     # via
     #   -r requirements/base.in
     #   commonground-api-common

diff --git a/requirements/ci.in b/requirements/ci.in