From 7e36694b648de79d1f6d3c0f2ae13d9c4c152b9e Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 31 Oct 2022 23:54:45 +0100 Subject: [PATCH 1/4] Update python deps --- core/base/requirements-prod.txt | 106 ++++++++++++++------------------ 1 file changed, 47 insertions(+), 59 deletions(-) diff --git a/core/base/requirements-prod.txt b/core/base/requirements-prod.txt index fbbce5d5..ce822cc7 100644 --- a/core/base/requirements-prod.txt +++ b/core/base/requirements-prod.txt @@ -1,90 +1,78 @@ aiodns==3.0.0 aiohttp==3.8.3 aiosignal==1.2.0 -alembic==1.7.4 -appdirs==1.4.4 +alembic==1.8.1 async-timeout==4.0.2 attrs==22.1.0 -Babel==2.9.1 -bcrypt==3.2.0 -blinker==1.4 -CacheControl==0.12.9 -certifi==2021.10.8 +Babel==2.10.3 +blinker==1.5 +certifi==2022.9.24 cffi==1.15.1 -chardet==4.0.0 -charset-normalizer==2.0.12 -click==8.0.3 -colorama==0.4.4 -contextlib2==21.6.0 -cryptography==35.0.0 -decorator==5.1.0 +charset-normalizer==2.1.1 +click==8.1.3 +cryptography==38.0.1 +decorator==5.1.1 defusedxml==0.7.1 -dnspython==2.1.0 -dominate==2.6.0 -email-validator==1.1.3 -Flask==2.0.2 +Deprecated==1.2.13 +dnspython==2.2.1 +dominate==2.7.0 +email-validator==1.3.0 +Flask==2.2.2 Flask-Babel==2.0.0 Flask-Bootstrap==3.3.7.1 -Flask-DebugToolbar==0.11.0 -Flask-Limiter==1.4 -Flask-Login==0.5.0 +Flask-DebugToolbar==0.13.1 +Flask-Login==0.6.2 flask-marshmallow==0.14.0 Flask-Migrate==3.1.0 -Flask-Script==2.0.6 -Flask-SQLAlchemy==2.5.1 -Flask-WTF==0.15.1 +Flask-SQLAlchemy==3.0.2 +Flask-WTF==1.0.1 frozenlist==1.3.1 -greenlet==1.1.2 +greenlet==2.0.0 gunicorn==20.1.0 -html5lib==1.1 -idna==3.3 +idna==3.4 infinity==1.5 intervals==0.9.2 -itsdangerous==2.0.1 -Jinja2==3.0.2 -limits==1.5.1 -lockfile==0.12.2 +itsdangerous==2.1.2 +Jinja2==3.1.2 +limits==2.7.1 Mako==1.2.3 -MarkupSafe==2.0.1 -marshmallow==3.14.0 -marshmallow-sqlalchemy==0.26.1 -msgpack==1.0.2 +MarkupSafe==2.1.1 +marshmallow==3.18.0 +marshmallow-sqlalchemy==0.28.1 multidict==6.0.2 -mysql-connector-python==8.0.25 -ordered-set==4.0.2 +mysql-connector-python==8.0.31 +packaging==21.3 passlib==1.7.4 podop @ file:///app/libs/podop -postfix-mta-sts-resolver==1.0.1 -progress==1.6 -protobuf==4.21.7 -psycopg2-binary==2.9.3 +postfix-mta-sts-resolver==1.1.4 +protobuf==3.20.1 +psycopg2-binary==2.9.5 pycares==4.2.2 -pycparser==2.20 -Pygments==2.10.0 -pyOpenSSL==21.0.0 -pyparsing==3.0.4 +pycparser==2.21 +Pygments==2.13.0 +pyOpenSSL==22.1.0 +pyparsing==3.0.9 python-dateutil==2.8.2 -pytz==2021.3 +pytz==2022.5 PyYAML==6.0 Radicale==3.1.8 -redis==3.5.3 -requests==2.26.0 -retrying==1.3.3 +redis==4.3.4 +requests==2.28.1 six==1.16.0 socrate @ file:///app/libs/socrate -SQLAlchemy==1.4.26 +SQLAlchemy==1.4.42 srslib==0.1.4 -tabulate==0.8.9 -tenacity==8.0.1 -toml==0.10.2 -urllib3==1.26.7 -validators==0.18.2 +tabulate==0.9.0 +tenacity==8.1.0 +typing_extensions==4.4.0 +urllib3==1.26.12 +validators==0.20.0 visitor==0.1.3 vobject==0.9.6.1 watchdog==2.1.9 -webencodings==0.5.1 -Werkzeug==2.0.2 -WTForms==2.3.3 +Werkzeug==2.2.2 +wrapt==1.14.1 +WTForms==3.0.1 WTForms-Components==0.10.5 -xmltodict==0.12.0 +xmltodict==0.13.0 yarl==1.8.1 From 047413185e3032b2c1764d27cbaffe6a5383c181 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 2 Nov 2022 17:46:13 +0100 Subject: [PATCH 2/4] Mask Flask-SQLAlchemy >= 3.0.0 for now as it breaks mailu --- core/base/requirements-dev.txt | 2 +- core/base/requirements-prod.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/core/base/requirements-dev.txt b/core/base/requirements-dev.txt index 2fb4352f..be2e2e29 100644 --- a/core/base/requirements-dev.txt +++ b/core/base/requirements-dev.txt @@ -14,7 +14,7 @@ Flask-DebugToolbar Flask-Login flask-marshmallow Flask-Migrate -Flask-SQLAlchemy +Flask-SQLAlchemy<3 Flask-WTF gunicorn idna diff --git a/core/base/requirements-prod.txt b/core/base/requirements-prod.txt index ce822cc7..8040b44a 100644 --- a/core/base/requirements-prod.txt +++ b/core/base/requirements-prod.txt @@ -24,7 +24,7 @@ Flask-DebugToolbar==0.13.1 Flask-Login==0.6.2 flask-marshmallow==0.14.0 Flask-Migrate==3.1.0 -Flask-SQLAlchemy==3.0.2 +Flask-SQLAlchemy==2.5.1 Flask-WTF==1.0.1 frozenlist==1.3.1 greenlet==2.0.0 From a74396a9ef81dd8f69f2088e3fee80773f2c4dde Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 2 Nov 2022 17:52:38 +0100 Subject: [PATCH 3/4] Fix wtforms usage --- core/admin/mailu/ui/forms.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/admin/mailu/ui/forms.py b/core/admin/mailu/ui/forms.py index 59097c71..beb44092 100644 --- a/core/admin/mailu/ui/forms.py +++ b/core/admin/mailu/ui/forms.py @@ -123,8 +123,8 @@ class UserReplyForm(flask_wtf.FlaskForm): reply_subject = fields.StringField(_('Reply subject')) reply_body = fields.StringField(_('Reply body'), widget=widgets.TextArea()) - reply_startdate = fields.html5.DateField(_('Start of vacation')) - reply_enddate = fields.html5.DateField(_('End of vacation')) + reply_startdate = fields.DateField(_('Start of vacation')) + reply_enddate = fields.DateField(_('End of vacation')) submit = fields.SubmitField(_('Update')) From 1ae91567563f3c312c84f5928800facbc374ecda Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 2 Nov 2022 22:21:32 +0100 Subject: [PATCH 4/4] Add bcyrpt as direct dependency for better crypto. Also some updates --- core/base/requirements-dev.txt | 1 + core/base/requirements-prod.txt | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/core/base/requirements-dev.txt b/core/base/requirements-dev.txt index be2e2e29..92d34fdb 100644 --- a/core/base/requirements-dev.txt +++ b/core/base/requirements-dev.txt @@ -5,6 +5,7 @@ libs/socrate # core/admin alembic Babel +bcrypt click dnspython Flask diff --git a/core/base/requirements-prod.txt b/core/base/requirements-prod.txt index 8040b44a..716f848e 100644 --- a/core/base/requirements-prod.txt +++ b/core/base/requirements-prod.txt @@ -4,13 +4,14 @@ aiosignal==1.2.0 alembic==1.8.1 async-timeout==4.0.2 attrs==22.1.0 -Babel==2.10.3 +Babel==2.11.0 +bcrypt==4.0.1 blinker==1.5 certifi==2022.9.24 cffi==1.15.1 charset-normalizer==2.1.1 click==8.1.3 -cryptography==38.0.1 +cryptography==38.0.3 decorator==5.1.1 defusedxml==0.7.1 Deprecated==1.2.13 @@ -53,7 +54,7 @@ Pygments==2.13.0 pyOpenSSL==22.1.0 pyparsing==3.0.9 python-dateutil==2.8.2 -pytz==2022.5 +pytz==2022.6 PyYAML==6.0 Radicale==3.1.8 redis==4.3.4