From 346ea8fbae44e19f7b337c7f44db260bf84b234f Mon Sep 17 00:00:00 2001
From: Bob Laskowski <bob.laskowski@procore.com>
Date: Wed, 31 Jul 2024 13:20:33 -0700
Subject: [PATCH] update dependencies to fix various high/critical security
 vulnerabilities

---
 docker/Dockerfile | 18 +++++++++---------
 requirements.txt  |  6 +++---
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 88a5594d8..4e8ccd268 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.10 as base
+FROM python:3.10 AS base
 
 WORKDIR /app
 ADD pyproject.toml .
@@ -6,36 +6,36 @@ ADD requirements.txt .
 RUN pip install . && rm pyproject.toml requirements.txt
 ENV PYTHONPATH=/app
 
-FROM base as github_app
+FROM base AS github_app
 ADD pr_agent pr_agent
 CMD ["python", "-m", "gunicorn", "-k", "uvicorn.workers.UvicornWorker", "-c", "pr_agent/servers/gunicorn_config.py", "--forwarded-allow-ips", "*", "pr_agent.servers.github_app:app"]
 
-FROM base as bitbucket_app
+FROM base AS bitbucket_app
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/bitbucket_app.py"]
 
-FROM base as bitbucket_server_webhook
+FROM base AS bitbucket_server_webhook
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/bitbucket_server_webhook.py"]
 
-FROM base as github_polling
+FROM base AS github_polling
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/github_polling.py"]
 
-FROM base as gitlab_webhook
+FROM base AS gitlab_webhook
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/gitlab_webhook.py"]
 
-FROM base as azure_devops_webhook
+FROM base AS azure_devops_webhook
 ADD pr_agent pr_agent
 CMD ["python", "pr_agent/servers/azuredevops_server_webhook.py"]
 
-FROM base as test
+FROM base AS test
 ADD requirements-dev.txt .
 RUN pip install -r requirements-dev.txt && rm requirements-dev.txt
 ADD pr_agent pr_agent
 ADD tests tests
 
-FROM base as cli
+FROM base AS cli
 ADD pr_agent pr_agent
 ENTRYPOINT ["python", "pr_agent/cli.py"]
diff --git a/requirements.txt b/requirements.txt
index f9c976f15..a8d27cc03 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-aiohttp==3.9.1
+aiohttp==3.9.4
 anthropic[vertex]==0.21.3
 atlassian-python-api==3.41.4
 azure-devops==7.1.0b3
@@ -6,7 +6,7 @@ azure-identity==1.15.0
 boto3==1.33.6
 dynaconf==3.2.4
 fastapi==0.111.0
-GitPython==3.1.32
+GitPython==3.1.41
 google-cloud-aiplatform==1.38.0
 google-cloud-storage==2.10.0
 Jinja2==3.1.2
@@ -24,7 +24,7 @@ tiktoken==0.7.0
 ujson==5.8.0
 uvicorn==0.22.0
 tenacity==8.2.3
-gunicorn==20.1.0
+gunicorn==22.0.0
 # Uncomment the following lines to enable the 'similar issue' tool
 # pinecone-client
 # pinecone-datasets @ git+https://github.com/mrT23/pinecone-datasets.git@main