Update packages for February Security Updates (#3866)

microsoft · Mar 5, 2024 · ddddbf6 · ddddbf6
1 parent e8d2f89
commit ddddbf6
Show file tree

Hide file tree

Showing 14 changed files with 790 additions and 713 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -37,7 +37,7 @@ RUN apt-get update && apt-get install -y ca-certificates curl gnupg lsb-release
     && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
     && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
     | tee /etc/apt/sources.list.d/docker.list > /dev/null \
-    && apt-get update && apt-get install -y docker-ce="5:23.0.3-1~debian.11~bullseye" docker-ce-cli="5:23.0.3-1~debian.11~bullseye" containerd.io="1.6.20-1" docker-buildx-plugin --no-install-recommends \
+    && apt-get update && apt-get install -y docker-ce="5:24.0.0-1~debian.11~bullseye" docker-ce-cli="5:24.0.0-1~debian.11~bullseye" docker-compose-plugin="2.21.0-1~debian.11~bullseye" containerd.io="1.6.24-1" docker-buildx-plugin --no-install-recommends \
     && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
 # Install Certbot
@@ -75,7 +75,7 @@ COPY ["airlock_processor/requirements.txt", "/tmp/pip-tmp/airlock_processor/"]
 RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt
 
 # Install azure-cli
-ARG AZURE_CLI_VERSION=2.50.0-1~bullseye
+ARG AZURE_CLI_VERSION=2.57.0-1~bullseye
 COPY .devcontainer/scripts/azure-cli.sh /tmp/
 RUN export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \
     && /tmp/azure-cli.sh

diff --git a/airlock_processor/_version.py b/airlock_processor/_version.py
@@ -1 +1 @@
-__version__ = "0.7.0"
+__version__ = "0.7.1"
diff --git a/airlock_processor/requirements.txt b/airlock_processor/requirements.txt
@@ -1,5 +1,5 @@
 # Do not include azure-functions-worker as it may conflict with the Azure Functions platform
-azure-core==1.29.5
+azure-core==1.30.0
 azure-functions==1.17.0
 azure-storage-blob==12.19.0
 azure-identity==1.14.1

diff --git a/api_app/_version.py b/api_app/_version.py
@@ -1 +1 @@
-__version__ = "0.18.4"
+__version__ = "0.18.5"
diff --git a/api_app/core/config.py b/api_app/core/config.py
@@ -2,7 +2,11 @@
 from starlette.config import Config
 from _version import __version__
 
-config = Config(".env")
+try:
+    config = Config('.env')
+# Workaround needed until FastAPI uses Starlette >= 3.7.1
+except FileNotFoundError:
+    config = Config()
 
 # API settings
 API_PREFIX = "/api"

diff --git a/api_app/requirements.txt b/api_app/requirements.txt
@@ -1,21 +1,21 @@
 aiohttp==3.9.3
-azure-core==1.29.5
+azure-core==1.30.0
 azure-cosmos==4.5.1
 azure-eventgrid==4.15.0
 azure-identity==1.14.1
 azure-mgmt-compute==30.3.0
 azure-mgmt-cosmosdb==9.3.0
 azure-mgmt-costmanagement==4.0.1
 azure-mgmt-resource==23.0.1
-azure-monitor-opentelemetry==1.1.1
+azure-monitor-opentelemetry==1.2.0
 azure-servicebus==7.11.3
 azure-storage-blob==12.19.0
-fastapi==0.104.0
+fastapi==0.110.0
 fastapi-utils==0.2.1
 gunicorn==21.2.0
 jsonschema[format_nongpl]==4.19.1
-msal==1.22.0
-opentelemetry.instrumentation.logging==0.43b0
+msal==1.26.0
+opentelemetry.instrumentation.logging==0.44b0
 pandas==2.0.3
 PyJWT==2.8.0
 pytz==2022.7

diff --git a/cli/requirements.txt b/cli/requirements.txt
@@ -1,11 +1,11 @@
 # if you update this file, update the install_requires in setup.py as well
 click==8.1.3
 httpx~=0.23.0
-msal==1.22.0
+msal==1.26.0
 jmespath==1.0.1
 tabulate==0.9.0
 pygments==2.16.1
 PyJWT==2.8.0
-azure-cli-core==2.50.0
+azure-cli-core==2.57.0
 azure-identity==1.14.1
 aiohttp==3.9.3
diff --git a/cli/setup.py b/cli/setup.py
@@ -4,7 +4,7 @@
 from setuptools import setup
 
 PROJECT = 'azure-tre-cli'
-VERSION = '0.2.1'
+VERSION = '0.2.2'
 
 try:
     long_description = open('README.md', 'rt').read()
@@ -42,12 +42,12 @@
     install_requires=[
         "click==8.1.3",
         "httpx==0.25.0",
-        "msal==1.22.0",
+        "msal==1.26.0",
         "jmespath==1.0.1",
         "tabulate==0.9.0",
         "pygments==2.16.1",
         "PyJWT==2.8.0",
-        "azure-cli-core==2.50.0",
+        "azure-cli-core==2.57.0",
         "azure-identity==1.14.1",
         "aiohttp==3.9.3"
     ],

diff --git a/e2e_tests/config.py b/e2e_tests/config.py
@@ -1,7 +1,11 @@
 from starlette.config import Config
 
 
-config = Config(".env")
+try:
+    config = Config('.env')
+# Workaround needed until FastAPI uses Starlette >= 3.7.1
+except FileNotFoundError:
+    config = Config()
 
 # Resource Info
 RESOURCE_LOCATION: str = config("RESOURCE_LOCATION", default="")

diff --git a/e2e_tests/requirements.txt b/e2e_tests/requirements.txt
@@ -2,7 +2,7 @@
 httpx==0.25.0
 pytest==7.4.3
 pytest-asyncio==0.21.1
-starlette==0.27.0
+starlette==0.36.3
 pytest-timeout==2.2.0
 pytest-xdist==3.3.1
 backoff==2.2.1
diff --git a/resource_processor/_version.py b/resource_processor/_version.py
@@ -1 +1 @@
-__version__ = "0.8.3"
+__version__ = "0.8.4"
diff --git a/resource_processor/vmss_porter/requirements.txt b/resource_processor/vmss_porter/requirements.txt
@@ -1,6 +1,6 @@
 aiohttp==3.9.3
-azure-cli-core==2.50.0
+azure-cli-core==2.57.0
 azure-identity==1.14.1
-azure-monitor-opentelemetry==1.1.1
+azure-monitor-opentelemetry==1.2.0
 azure-servicebus==7.11.3
-opentelemetry.instrumentation.logging==0.43b0
+opentelemetry.instrumentation.logging==0.44b0
diff --git a/ui/app/package.json b/ui/app/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tre-ui",
-  "version": "0.5.20",
+  "version": "0.5.21",
   "private": true,
   "dependencies": {
     "@azure/msal-browser": "^2.35.0",
@@ -26,7 +26,7 @@
     "react-redux": "^8.0.4",
     "react-router-dom": "6.21.1",
     "remark-gfm": "^3.0.1",
-    "typescript": "^5.1.6",
+    "typescript": "^5.3.3",
     "web-vitals": "^3.3.0"
   },
   "devDependencies": {
@@ -61,6 +61,7 @@
     ]
   },
   "resolutions": {
-    "nth-check": "^2.0.1"
+    "nth-check": "^2.0.1",
+    "node-sass/**/ip": "^2.0.1"
   }
 }