From 8e3634d12e24aa78b6de6f2e28545caecd01ef69 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 18:24:45 +0000 Subject: [PATCH] Update all dependencies --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/mega-linter.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- Dockerfile | 4 ++-- pyproject.toml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ce8c5cb..207fa3c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,14 +26,14 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Initialize CodeQL - uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: languages: "python" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: category: "/language:python" diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 84fd5f6..1f42e64 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -30,7 +30,7 @@ jobs: egress-policy: audit - name: Checkout Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c48e363..c78cd4b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index 7af056d..24a423d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM cgr.dev/chainguard/python:latest-dev@sha256:e4453f844869a2f510d464471440293e4cb9517f7f861b5f90dd649e41b12e31 AS builder +FROM cgr.dev/chainguard/python:latest-dev@sha256:ff23b5a9971d51deaa5e12a7a3c3e53935faca67f563498d0d3176bff2d29302 AS builder COPY . /app @@ -9,7 +9,7 @@ ENV PATH=/home/nonroot/.local/bin:$PATH RUN wget -q -O - https://install.python-poetry.org | python - RUN poetry install --no-root; -FROM cgr.dev/chainguard/python:latest@sha256:72d500b1974e2081b2b10f4737b5b7307298810b288fc645b531eaa0f8c86672 +FROM cgr.dev/chainguard/python:latest@sha256:d36f443087be26e55b2bf18ab624dd17c8968a637c6bde750f80dc0c4ce81860 USER nonroot ENV DB_HOST localhost ENV DB_NAME postgres diff --git a/pyproject.toml b/pyproject.toml index 5097c56..b0018f6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,12 +12,12 @@ fastapi = "0.115.0" psycopg2-binary = "2.9.9" pydantic = "2.9.2" sqlalchemy = "2.0.35" -uvicorn = "0.30.6" +uvicorn = "0.31.0" requests = "2.32.3" pyyaml = "6.0.2" certifi = "2024.8.30" idna = "3.10" -starlette = "0.38.6" +starlette = "0.39.2" [build-system]