Security updates for djangorestframework, azure-identity, urllib3, re…

…quests (#1649) * Security updates for djangorestframework, azure-identity, urllib3, requests * Ignore security 70612 * Add inflection * selinux and disable module --------- Co-authored-by: Henning Seljenes <hseljene@redhat.com>
cloudigrade · Jul 1, 2024 · 84e5555 · 84e5555
1 parent 7eb942a
commit 84e5555
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 40 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -55,7 +55,7 @@ jobs:
       - uses: actions/checkout@v4
       - run: pip install poetry safety
       - run: poetry install
-      - run: bash -c "poetry run pip freeze | poetry run safety check --stdin -i 42923 -i 65213"
+      - run: bash -c "poetry run pip freeze | poetry run safety check --stdin -i 42923 -i 65213 -i 70612"
 
   test-docs:
     name: Verify docs and openapi.json

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 ### Base Image
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9-1029 as base
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10-896.1717584414 as base
 
 WORKDIR /opt/cloudigrade
 
@@ -8,6 +8,7 @@ RUN curl -so 'pgdg-redhat-repo-latest.noarch.rpm' 'https://download.postgresql.o
     && rpm --verbose -K 'pgdg-redhat-repo-latest.noarch.rpm' || true
 
 RUN rpm -iv 'pgdg-redhat-repo-latest.noarch.rpm' \
+    && microdnf module disable -y postgresql \
     && microdnf update \
     && microdnf install -y \
         git \

diff --git a/deployment/scripts/sonarqube.sh b/deployment/scripts/sonarqube.sh
@@ -42,7 +42,7 @@ echo SONAR_SCANNER_NAME="${SONAR_SCANNER_NAME}" >> "${ENV_FILE}"
 # Run the SonarQube scanner in a Docker container.
 docker pull "${JAVA_IMAGE}"
 docker run \
-  -v"${RUN_DIR}":/workspace \
+  -v"${RUN_DIR}":/workspace:z \
   --env-file "${ENV_FILE}" \
   "${JAVA_IMAGE}" \
   bash /workspace/sonarqube/scripts/sonarqube_exec.sh

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -13,15 +13,15 @@ boto3 = "~=1.33.6"
 celery = "~=5.3.1"
 psycopg2 = "~=2.9.3"
 python-dateutil = "~=2.8.2"
-djangorestframework = "~=3.14.0"
+djangorestframework = "3.15.2"
 drf-insights-pagination = "~=1.0.1"
 gunicorn = "^22.0.0"
 django-health-check = "~=3.17.0"
 sentry-sdk = "~=1.38.0"
 Django = "~=4.2.7"
 django_celery_beat = "~=2.5.0"
 Faker = "~=16.9.0"
-requests = "~=2.31.0"
+requests = "^2.32.3"
 uritemplate = "~=4.1.1"
 rest-framework-generic-relations = "~=2.1.0"
 watchtower = "~=3.0.0"
@@ -30,7 +30,7 @@ django-filter = "~=22.1"
 django-cache-memoize = "~=0.2.0"
 app-common-python = "^0.2.3"
 azure-cli-core = "^2.39.0"
-azure-identity = "^1.10.0"
+azure-identity = "1.16.1"
 azure-mgmt-managedservices = "^6.0.0"
 azure-mgmt-resource = "^22.0.0"
 django-prometheus = "~=2.3.1"
@@ -43,6 +43,8 @@ pyopenssl = "24.1.0"
 black = "^24.4.2"
 typing-extensions = "^4.11.0"
 crc-bonfire = "^5.7.2"
+urllib3 = "1.26.19"
+inflection = "^0.5.1"
 
 
 [tool.poetry.dev-dependencies]