From 85eda2ba12323514a843a3f97df29b823879b7ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 05:51:45 +0000 Subject: [PATCH 01/27] Bump boto3 from 1.35.10 to 1.35.14 Bumps [boto3](https://github.com/boto/boto3) from 1.35.10 to 1.35.14. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.10...1.35.14) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 4541364..c36b9f1 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.10 +boto3==1.35.14 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 1e3b6ac50cf77e1a42bcce77c60931edecdd9718 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 05:51:49 +0000 Subject: [PATCH 02/27] Bump cryptography from 43.0.0 to 43.0.1 Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.0 to 43.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/43.0.0...43.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door-binary.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door-binary.txt b/requirements-door-binary.txt index ce12e28..ccb8226 100644 --- a/requirements-door-binary.txt +++ b/requirements-door-binary.txt @@ -1 +1 @@ -cryptography==43.0.0 +cryptography==43.0.1 From dade690e5b06c13167e387e12a26e6fb69573c0f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 05:18:50 +0000 Subject: [PATCH 03/27] Bump boto3 from 1.35.14 to 1.35.19 Bumps [boto3](https://github.com/boto/boto3) from 1.35.14 to 1.35.19. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.14...1.35.19) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index c36b9f1..ba69c5e 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.14 +boto3==1.35.19 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 4f81a31f430aa2ee72cbf76828cdcd20b84c8b60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 05:07:22 +0000 Subject: [PATCH 04/27] Bump boto3 from 1.35.19 to 1.35.24 Bumps [boto3](https://github.com/boto/boto3) from 1.35.19 to 1.35.24. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.19...1.35.24) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index ba69c5e..036a8f2 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.19 +boto3==1.35.24 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 31dd14b5b593a2d3282d49c23226c76a0aaa4942 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:50:56 +0000 Subject: [PATCH 05/27] Bump boto3 from 1.35.24 to 1.35.29 Bumps [boto3](https://github.com/boto/boto3) from 1.35.24 to 1.35.29. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.24...1.35.29) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 036a8f2..4751632 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.24 +boto3==1.35.29 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 57403a6949f1046c44ecba74f3068a041545a86a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 05:43:33 +0000 Subject: [PATCH 06/27] Bump boto3 from 1.35.29 to 1.35.34 Bumps [boto3](https://github.com/boto/boto3) from 1.35.29 to 1.35.34. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.29...1.35.34) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 4751632..b9b88cc 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.29 +boto3==1.35.34 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From a20a31e7fdf064c2be1050501ecfaac39fc6e710 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 05:07:39 +0000 Subject: [PATCH 07/27] Bump boto3 from 1.35.34 to 1.35.39 Bumps [boto3](https://github.com/boto/boto3) from 1.35.34 to 1.35.39. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.34...1.35.39) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index b9b88cc..f52e0a4 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.34 +boto3==1.35.39 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 56120a35675b0f745d8bf7a08256ffce227fee64 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 05:25:32 +0000 Subject: [PATCH 08/27] Bump boto3 from 1.35.39 to 1.35.44 Bumps [boto3](https://github.com/boto/boto3) from 1.35.39 to 1.35.44. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.39...1.35.44) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index f52e0a4..d3cd34b 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.39 +boto3==1.35.44 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 2236f9025bda56dd2a7f265b27a762f4c48cd9a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 05:25:37 +0000 Subject: [PATCH 09/27] Bump cryptography from 43.0.1 to 43.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.1 to 43.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/43.0.1...43.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door-binary.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door-binary.txt b/requirements-door-binary.txt index ccb8226..75287dd 100644 --- a/requirements-door-binary.txt +++ b/requirements-door-binary.txt @@ -1 +1 @@ -cryptography==43.0.1 +cryptography==43.0.3 From bf81a07da27cc613a238c8ccd4de7b1861eb7e18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 05:51:21 +0000 Subject: [PATCH 10/27] Bump ASFHyP3/actions from 0.11.2 to 0.12.0 Bumps [ASFHyP3/actions](https://github.com/asfhyp3/actions) from 0.11.2 to 0.12.0. - [Release notes](https://github.com/asfhyp3/actions/releases) - [Changelog](https://github.com/ASFHyP3/actions/blob/develop/CHANGELOG.md) - [Commits](https://github.com/asfhyp3/actions/compare/v0.11.2...v0.12.0) --- updated-dependencies: - dependency-name: ASFHyP3/actions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/changelog.yml | 2 +- .github/workflows/create-jira-issue.yml | 2 +- .github/workflows/labeled-pr.yml | 2 +- .github/workflows/release-checklist-comment.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/tag-version.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 8fc364b..8978df6 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -14,4 +14,4 @@ on: jobs: call-changelog-check-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.11.2 + uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.12.0 diff --git a/.github/workflows/create-jira-issue.yml b/.github/workflows/create-jira-issue.yml index 99489d5..d95ef84 100644 --- a/.github/workflows/create-jira-issue.yml +++ b/.github/workflows/create-jira-issue.yml @@ -6,7 +6,7 @@ on: jobs: call-create-jira-issue-workflow: - uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.11.2 + uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.12.0 secrets: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} diff --git a/.github/workflows/labeled-pr.yml b/.github/workflows/labeled-pr.yml index 7ac5bed..4149e57 100644 --- a/.github/workflows/labeled-pr.yml +++ b/.github/workflows/labeled-pr.yml @@ -13,4 +13,4 @@ on: jobs: call-labeled-pr-check-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.11.2 + uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.12.0 diff --git a/.github/workflows/release-checklist-comment.yml b/.github/workflows/release-checklist-comment.yml index 7f889bf..a64c263 100644 --- a/.github/workflows/release-checklist-comment.yml +++ b/.github/workflows/release-checklist-comment.yml @@ -10,7 +10,7 @@ on: jobs: call-release-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.11.2 + uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.12.0 permissions: pull-requests: write secrets: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5a81829..dcd526c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ on: jobs: call-release-workflow: - uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.11.2 + uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.12.0 with: release_prefix: GRFN Distribution release_branch: prod diff --git a/.github/workflows/tag-version.yml b/.github/workflows/tag-version.yml index 3e069cd..5c7419d 100644 --- a/.github/workflows/tag-version.yml +++ b/.github/workflows/tag-version.yml @@ -8,7 +8,7 @@ on: jobs: call-bump-version-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.11.2 + uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.12.0 with: user: tools-bot email: UAF-asf-apd@alaska.edu From a3fddc447c3c0114d6a0f1db2f1d76d4ae6cdfcf Mon Sep 17 00:00:00 2001 From: Jake Herrmann Date: Thu, 24 Oct 2024 10:18:15 -0800 Subject: [PATCH 11/27] deploy concurrency --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ee878b1..6c1e13f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -6,6 +6,8 @@ on: - prod - test +concurrency: ${{ github.workflow }}-${{ github.ref }} + jobs: deploy: runs-on: ubuntu-latest From 0fe4862a43b36822ddce94c0d7cbbaf298226363 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 05:24:34 +0000 Subject: [PATCH 12/27] Bump boto3 from 1.35.44 to 1.35.49 Bumps [boto3](https://github.com/boto/boto3) from 1.35.44 to 1.35.49. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.44...1.35.49) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index d3cd34b..1a8dd7a 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.44 +boto3==1.35.49 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 6deecb850e19fddbde5362cbbc1b4774b3be1fc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 05:24:36 +0000 Subject: [PATCH 13/27] Bump serverless-wsgi from 3.0.4 to 3.0.5 Bumps [serverless-wsgi](https://github.com/logandk/serverless-wsgi) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/logandk/serverless-wsgi/releases) - [Changelog](https://github.com/logandk/serverless-wsgi/blob/master/CHANGELOG.md) - [Commits](https://github.com/logandk/serverless-wsgi/compare/3.0.4...3.0.5) --- updated-dependencies: - dependency-name: serverless-wsgi dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index d3cd34b..2c6a37e 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -2,5 +2,5 @@ boto3==1.35.44 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 -serverless_wsgi==3.0.4 +serverless_wsgi==3.0.5 PyJWT==2.9.0 From 578091f6ae93c6012bcd7ca4c78a61b550e5128c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 05:45:06 +0000 Subject: [PATCH 14/27] Bump boto3 from 1.35.49 to 1.35.54 Bumps [boto3](https://github.com/boto/boto3) from 1.35.49 to 1.35.54. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.49...1.35.54) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 9a4255c..9b9ad4b 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.49 +boto3==1.35.54 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 8a83b2f944ab55ac6579d6fe2e66f1c099637130 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 05:21:43 +0000 Subject: [PATCH 15/27] Bump boto3 from 1.35.54 to 1.35.57 Bumps [boto3](https://github.com/boto/boto3) from 1.35.54 to 1.35.57. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.54...1.35.57) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 9b9ad4b..0625862 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.54 +boto3==1.35.57 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From a1c4ab4447289b9879bd695900070ae8bb210db1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 05:29:36 +0000 Subject: [PATCH 16/27] Bump pyjwt from 2.9.0 to 2.10.0 Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.9.0 to 2.10.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 0625862..7c98218 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -3,4 +3,4 @@ Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 serverless_wsgi==3.0.5 -PyJWT==2.9.0 +PyJWT==2.10.0 From 06bf8779cce420da40409bd367efccb1d83e30fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 05:29:45 +0000 Subject: [PATCH 17/27] Bump boto3 from 1.35.57 to 1.35.63 Bumps [boto3](https://github.com/boto/boto3) from 1.35.57 to 1.35.63. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.57...1.35.63) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 0625862..f98e7d5 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.57 +boto3==1.35.63 Flask==3.0.3 Flask-Cors==5.0.0 rsa==4.9 From 0c3c7fb405df85fd8e6a3e49be24625db9d9999e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 00:09:41 +0000 Subject: [PATCH 18/27] Bump flask from 3.0.3 to 3.1.0 Bumps [flask](https://github.com/pallets/flask) from 3.0.3 to 3.1.0. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/flask/compare/3.0.3...3.1.0) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index f98e7d5..eb14f01 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,5 +1,5 @@ boto3==1.35.63 -Flask==3.0.3 +Flask==3.1.0 Flask-Cors==5.0.0 rsa==4.9 serverless_wsgi==3.0.5 From 01899dfe72006e444ca7840dac5dd08171f5340a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 05:34:26 +0000 Subject: [PATCH 19/27] Bump boto3 from 1.35.63 to 1.35.68 Bumps [boto3](https://github.com/boto/boto3) from 1.35.63 to 1.35.68. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.63...1.35.68) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 8b3e9b2..621e54d 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.63 +boto3==1.35.68 Flask==3.1.0 Flask-Cors==5.0.0 rsa==4.9 From c48cdae2b9f69a17bd1a083cfe56311d5f72170c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 05:24:52 +0000 Subject: [PATCH 20/27] Bump pyjwt from 2.10.0 to 2.10.1 Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.0 to 2.10.1. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 621e54d..7d4294a 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -3,4 +3,4 @@ Flask==3.1.0 Flask-Cors==5.0.0 rsa==4.9 serverless_wsgi==3.0.5 -PyJWT==2.10.0 +PyJWT==2.10.1 From d415c46bbb0648afd89bd3fe88486c873cc9e6b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 05:24:57 +0000 Subject: [PATCH 21/27] Bump cryptography from 43.0.3 to 44.0.0 Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.3 to 44.0.0. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/43.0.3...44.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-door-binary.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door-binary.txt b/requirements-door-binary.txt index 75287dd..afd08f7 100644 --- a/requirements-door-binary.txt +++ b/requirements-door-binary.txt @@ -1 +1 @@ -cryptography==43.0.3 +cryptography==44.0.0 From f78efeaf9b7987570f6c11bc89171a59cea37a74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 05:25:02 +0000 Subject: [PATCH 22/27] Bump boto3 from 1.35.68 to 1.35.72 Bumps [boto3](https://github.com/boto/boto3) from 1.35.68 to 1.35.72. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.68...1.35.72) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 621e54d..7c39e26 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.68 +boto3==1.35.72 Flask==3.1.0 Flask-Cors==5.0.0 rsa==4.9 From b9c6aa65d6447a95f88028c26442e69e8c32b417 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 05:39:06 +0000 Subject: [PATCH 23/27] Bump boto3 from 1.35.72 to 1.35.76 Bumps [boto3](https://github.com/boto/boto3) from 1.35.72 to 1.35.76. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.72...1.35.76) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index 33e208d..e5f4952 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.72 +boto3==1.35.76 Flask==3.1.0 Flask-Cors==5.0.0 rsa==4.9 From 3916b5319432d55479f5c2629f4d55d1cba55d5b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 05:13:23 +0000 Subject: [PATCH 24/27] Bump boto3 from 1.35.76 to 1.35.81 Bumps [boto3](https://github.com/boto/boto3) from 1.35.76 to 1.35.81. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.76...1.35.81) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index e5f4952..fac7388 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.76 +boto3==1.35.81 Flask==3.1.0 Flask-Cors==5.0.0 rsa==4.9 From abc3ebfa0cd50d254735e8054f6437509ca32cbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 05:55:08 +0000 Subject: [PATCH 25/27] Bump ASFHyP3/actions from 0.12.0 to 0.13.2 Bumps [ASFHyP3/actions](https://github.com/asfhyp3/actions) from 0.12.0 to 0.13.2. - [Release notes](https://github.com/asfhyp3/actions/releases) - [Changelog](https://github.com/ASFHyP3/actions/blob/develop/CHANGELOG.md) - [Commits](https://github.com/asfhyp3/actions/compare/v0.12.0...v0.13.2) --- updated-dependencies: - dependency-name: ASFHyP3/actions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/changelog.yml | 2 +- .github/workflows/create-jira-issue.yml | 2 +- .github/workflows/labeled-pr.yml | 2 +- .github/workflows/release-checklist-comment.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/tag-version.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 8978df6..72e2657 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -14,4 +14,4 @@ on: jobs: call-changelog-check-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.12.0 + uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.13.2 diff --git a/.github/workflows/create-jira-issue.yml b/.github/workflows/create-jira-issue.yml index d95ef84..7646baa 100644 --- a/.github/workflows/create-jira-issue.yml +++ b/.github/workflows/create-jira-issue.yml @@ -6,7 +6,7 @@ on: jobs: call-create-jira-issue-workflow: - uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.12.0 + uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.13.2 secrets: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} diff --git a/.github/workflows/labeled-pr.yml b/.github/workflows/labeled-pr.yml index 4149e57..c549b2c 100644 --- a/.github/workflows/labeled-pr.yml +++ b/.github/workflows/labeled-pr.yml @@ -13,4 +13,4 @@ on: jobs: call-labeled-pr-check-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.12.0 + uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.13.2 diff --git a/.github/workflows/release-checklist-comment.yml b/.github/workflows/release-checklist-comment.yml index a64c263..174418b 100644 --- a/.github/workflows/release-checklist-comment.yml +++ b/.github/workflows/release-checklist-comment.yml @@ -10,7 +10,7 @@ on: jobs: call-release-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.12.0 + uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.13.2 permissions: pull-requests: write secrets: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dcd526c..5753b55 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ on: jobs: call-release-workflow: - uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.12.0 + uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.13.2 with: release_prefix: GRFN Distribution release_branch: prod diff --git a/.github/workflows/tag-version.yml b/.github/workflows/tag-version.yml index 5c7419d..6afa9a8 100644 --- a/.github/workflows/tag-version.yml +++ b/.github/workflows/tag-version.yml @@ -8,7 +8,7 @@ on: jobs: call-bump-version-workflow: # Docs: https://github.com/ASFHyP3/actions - uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.12.0 + uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.13.2 with: user: tools-bot email: UAF-asf-apd@alaska.edu From 66d379a77210da04be6951ec676db1b0610744c4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 05:29:53 +0000 Subject: [PATCH 26/27] Bump boto3 from 1.35.81 to 1.35.90 Bumps [boto3](https://github.com/boto/boto3) from 1.35.81 to 1.35.90. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.81...1.35.90) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-door.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-door.txt b/requirements-door.txt index fac7388..6bb194b 100644 --- a/requirements-door.txt +++ b/requirements-door.txt @@ -1,4 +1,4 @@ -boto3==1.35.81 +boto3==1.35.90 Flask==3.1.0 Flask-Cors==5.0.0 rsa==4.9 From 3ee1d1da8a53638ceb4dba9599621fb841410e1a Mon Sep 17 00:00:00 2001 From: Jake Herrmann Date: Thu, 2 Jan 2025 10:52:51 -0900 Subject: [PATCH 27/27] replace flake8 with ruff --- .github/workflows/static-analysis.yml | 17 ++------------- CHANGELOG.md | 4 ++++ door/src/door/__init__.py | 1 + door/src/door/__main__.py | 3 ++- door/src/door/routes.py | 5 +++-- pyproject.toml | 31 +++++++++++++++++++++++++++ 6 files changed, 43 insertions(+), 18 deletions(-) create mode 100644 pyproject.toml diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 5872a01..f8b4efd 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -4,21 +4,8 @@ on: push jobs: - flake8: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-python@v5 - with: - python-version: 3.12 - - - run: | - python -m pip install --upgrade pip - python -m pip install flake8 flake8-import-order flake8-blind-except flake8-builtins - - - run: flake8 --max-line-length=120 --import-order-style=pycharm --statistics --application-import-names door + call-ruff-workflow: + uses: ASFHyP3/actions/.github/workflows/reusable-ruff.yml@v0.13.2 cfn-lint: runs-on: ubuntu-latest diff --git a/CHANGELOG.md b/CHANGELOG.md index 4fed902..e814c96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [PEP 440](https://www.python.org/dev/peps/pep-0440/) and uses [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.0.3] +### Changed +- Replaced `flake8` with `ruff`. + ## [1.0.2] ### Fixed - Upgraded to flask-cors v5.0.0 from v4.0.1. Resolves [CVE-2024-6221](https://github.com/asfadmin/grfn-distribution/security/dependabot/6). diff --git a/door/src/door/__init__.py b/door/src/door/__init__.py index 2d588be..00ada92 100644 --- a/door/src/door/__init__.py +++ b/door/src/door/__init__.py @@ -1,5 +1,6 @@ from flask import Flask + app = Flask(__name__) from door import routes # noqa Has to be at end of file or will cause circular import diff --git a/door/src/door/__main__.py b/door/src/door/__main__.py index f9668f4..39cd56a 100644 --- a/door/src/door/__main__.py +++ b/door/src/door/__main__.py @@ -1,4 +1,5 @@ from door import app -if __name__ == "__main__": + +if __name__ == '__main__': app.run(port=8080) diff --git a/door/src/door/routes.py b/door/src/door/routes.py index 4dffaeb..4963a9c 100644 --- a/door/src/door/routes.py +++ b/door/src/door/routes.py @@ -1,5 +1,5 @@ import os -from datetime import datetime, timedelta, timezone +from datetime import UTC, datetime, timedelta from urllib.parse import quote_plus import boto3 @@ -12,6 +12,7 @@ from door import app + CORS(app, origins=r'https?://([-\w]+\.)*asf\.alaska\.edu', supports_credentials=True) s3 = boto3.client('s3') @@ -60,7 +61,7 @@ def rsa_signer(message): return rsa.sign(message, key, 'SHA-1') base_url = f'https://{os.environ["CLOUDFRONT_DOMAIN_NAME"]}/{object_key}?userid={user_id}' - expiration_datetime = datetime.now(tz=timezone.utc) + timedelta(seconds=int(os.environ['EXPIRE_TIME_IN_SECONDS'])) + expiration_datetime = datetime.now(tz=UTC) + timedelta(seconds=int(os.environ['EXPIRE_TIME_IN_SECONDS'])) cf_signer = CloudFrontSigner(os.environ['CLOUDFRONT_KEY_PAIR_ID'], rsa_signer) signed_url = cf_signer.generate_presigned_url(base_url, date_less_than=expiration_datetime) return signed_url diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..bbb16f3 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,31 @@ +[project] +requires-python = "==3.12" + +[tool.ruff] +line-length = 120 +# The directories to consider when resolving first- vs. third-party imports. +# See: https://docs.astral.sh/ruff/settings/#src +src = ["**/src"] + +[tool.ruff.format] +indent-style = "space" +quote-style = "single" + +[tool.ruff.lint] +extend-select = [ + "I", # isort: https://docs.astral.sh/ruff/rules/#isort-i + "UP", # pyupgrade: https://docs.astral.sh/ruff/rules/#pyupgrade-up + + # TODO: uncomment the following extensions and address their warnings: + #"D", # pydocstyle: https://docs.astral.sh/ruff/rules/#pydocstyle-d + #"ANN", # annotations: https://docs.astral.sh/ruff/rules/#flake8-annotations-ann + + "PTH", # use-pathlib-pth: https://docs.astral.sh/ruff/rules/#flake8-use-pathlib-pth +] + +[tool.ruff.lint.pydocstyle] +convention = "google" + +[tool.ruff.lint.isort] +case-sensitive = true +lines-after-imports = 2