From 648ad797aaf9aebcbe364e48b1d9e41264ac0a0d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 3 Oct 2024 00:32:43 +0000 Subject: [PATCH] Update all dependencies --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/mega-linter.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- Dockerfile | 4 ++-- pyproject.toml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ce8c5cb..207fa3c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,14 +26,14 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Initialize CodeQL - uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: languages: "python" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: category: "/language:python" diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 84fd5f6..1f42e64 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -30,7 +30,7 @@ jobs: egress-policy: audit - name: Checkout Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c48e363..c78cd4b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index 415bdc6..a571279 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM cgr.dev/chainguard/python:latest-dev@sha256:e4453f844869a2f510d464471440293e4cb9517f7f861b5f90dd649e41b12e31 AS builder +FROM cgr.dev/chainguard/python:latest-dev@sha256:c2cc6c84a8450b586954896f963c1cd6ae7b28a3b252c362fb0e01a4c58cd4fd AS builder ENV PATH=$PATH:/home/nonroot/.local/bin @@ -10,7 +10,7 @@ ENV PATH=/home/nonroot/.local/bin:$PATH RUN wget -q -O - https://install.python-poetry.org | python - RUN poetry install --no-root; -FROM cgr.dev/chainguard/python:latest@sha256:72d500b1974e2081b2b10f4737b5b7307298810b288fc645b531eaa0f8c86672 +FROM cgr.dev/chainguard/python:latest@sha256:2fb6c1fcd0ee933b44628db6a9a5084faa686fec76041b852ac1680415a2fdc0 USER nonroot ENV DB_HOST localhost ENV DB_NAME postgres diff --git a/pyproject.toml b/pyproject.toml index 873d0ed..9994073 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,14 +12,14 @@ fastapi = "0.115.0" psycopg2-binary = "2.9.9" pydantic = "2.9.2" sqlalchemy = "2.0.35" -uvicorn = "0.30.6" +uvicorn = "0.31.0" requests = "2.32.3" certifi = "2024.8.30" cvss = "3.2" defusedxml = "0.7.1" packageurl-python = "0.15.6" idna = "3.10" -starlette = "0.38.6" +starlette = "0.39.2" [build-system]