Merge pull request #463 from Renumics/fix/known-python-vulnerabilities

Update Python dependencies
Renumics · Nov 11, 2024 · 2819384 · 2819384
2 parents 5950f4d + 540402c
commit 2819384
Show file tree

Hide file tree

Showing 8 changed files with 2,658 additions and 2,761 deletions.
diff --git a/.github/actions/setup-poetry/action.yml b/.github/actions/setup-poetry/action.yml
@@ -5,7 +5,7 @@ description: |
 inputs:
     python-version:
         description: Python version to use
-        default: '3.8'
+        default: '3.10'
     install-dependencies:
         description: Whether to install and cache/restore dependencies
         default: 'true'

diff --git a/Makefile b/Makefile
@@ -26,8 +26,9 @@ clean: ## clean project
 
 .PHONY: audit
 audit: ## Audit project dependencies
-	poetry export --without-hashes | poetry run safety check --full-report --stdin \
-	 	--ignore 61496 --ignore 70612 --ignore 71596
+	poetry export --without-hashes --all-extras --without dev --without playbook \
+		| poetry run safety check --full-report --stdin \
+	 	--ignore 61496 --ignore 70612 --ignore 71596 --ignore 73323
 	pnpm audit --prod
 
 .PHONY: check-format

diff --git a/package.json b/package.json
@@ -53,14 +53,15 @@
         "d3-time-format": "^4.1.0",
         "d3-zoom": "^3.0.0",
         "detect-gpu": "^5.0.12",
-        "dompurify": "^3.0.3",
+        "dompurify": "^3.1.3",
         "fast-levenshtein": "^3.0.0",
         "file-saver": "^2.0.5",
         "flexlayout-react": "^0.7.6",
         "fuse.js": "^6.6.2",
         "immer": "^9.0.19",
         "localforage": "^1.10.0",
         "lodash": "^4.17.21",
+        "micromatch": "4.0.8",
         "moment": "^2.29.4",
         "numbro": "^2.3.6",
         "prop-types": "^15.8.1",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml