From e63f980e29f6a6d60866c40af37aa38629c39262 Mon Sep 17 00:00:00 2001 From: S Anand Date: Tue, 24 Oct 2023 06:11:32 +0800 Subject: [PATCH] DOC: Add v1.93.3 release changes --- .snyk | 7 ++ gramex/__init__.py | 4 +- gramex/apps/capture/package-lock.json | 132 +++++++++++++++------ gramex/apps/ui/package-lock.json | 164 +++++++++++++++++--------- gramex/cache.py | 2 +- gramex/install.py | 2 +- gramex/ml.py | 6 +- gramex/pptgen/commands.py | 2 +- gramex/pptgen2/commands.py | 2 +- gramex/services/sms.py | 3 +- pyproject.toml | 2 +- reports/bandit.txt | 109 +---------------- reports/clamav.txt | 8 +- reports/loc.csv | 2 +- reports/snyk.txt | 6 +- reports/syft.txt | 37 +++--- 16 files changed, 262 insertions(+), 226 deletions(-) diff --git a/.snyk b/.snyk index eda98a1a8..c318194f5 100644 --- a/.snyk +++ b/.snyk @@ -17,3 +17,10 @@ ignore: reason: No fix available. Await eslint upgrade expires: 2023-12-31T00:00:00.000Z created: 2023-09-11T00:00:00.000Z + + # Upgrade Sharp to 0.32.6 from 0.30.7 in Comicgen + SNYK-JS-SHARP-5922108: + - '*': + reason: Await comicgen upgrade + expires: 2023-12-31T00:00:00.000Z + created: 2023-10-24T00:00:00.000Z diff --git a/gramex/__init__.py b/gramex/__init__.py index 7a6c63a69..8026a2fa0 100644 --- a/gramex/__init__.py +++ b/gramex/__init__.py @@ -54,7 +54,7 @@ gramex uninstall Uninstall an app ''' -__version__ = '1.93.2' +__version__ = '1.93.3' paths = AttrDict() # Paths where configurations are stored conf = AttrDict() # Final merged configurations @@ -362,7 +362,7 @@ def gramex_update(url: str): events = query('SELECT * FROM events') logs = [dict(log, **meta) for log in events] - r = requests.post(url, data=json.dumps(logs)) + r = requests.post(url, data=json.dumps(logs), timeout=30) r.raise_for_status() update = r.json() server_version = update['version'] diff --git a/gramex/apps/capture/package-lock.json b/gramex/apps/capture/package-lock.json index e0120db81..125c55187 100644 --- a/gramex/apps/capture/package-lock.json 
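Review bot: The new ignore entry for SNYK-JS-SHARP-5922108 in `.snyk` uses the path `'*'`, which suppresses the finding on every dependency path, not only the comicgen one named in the comment above it. reports/snyk.txt in this same patch lists the issue as a Critical heap-based buffer overflow in sharp@0.30.7, fixed in 0.32.6 and introduced by `comicgen@1.9.8 > sharp@0.30.7`. A narrower path such as `- 'comicgen > sharp':` would keep the scanner alerting if another package starts pulling in a vulnerable sharp. The `expires: 2023-12-31` bound is good to keep, and it would help to extend `reason:` to say whether sharp ever processes untrusted images in a Gramex deployment.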
+++ b/gramex/apps/capture/package-lock.json @@ -105,15 +105,18 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, "node_modules/@types/node": { - "version": "20.8.2", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.8.2.tgz", - "integrity": "sha512-Vvycsc9FQdwhxE3y3DzeIxuEJbWGDsnrxvMADzTDF/lcdR9/K+AQIeAghTQsHtotg/q0j3WEOYS/jQgSdWue3w==", - "optional": true + "version": "20.8.7", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.8.7.tgz", + "integrity": "sha512-21TKHHh3eUHIi2MloeptJWALuCu5H7HQTdTrWIFReA8ad+aggoX+lRes3ex7/FtpC+sVUpFMQ+QTfYr74mruiQ==", + "optional": true, + "dependencies": { + "undici-types": "~5.25.1" + } }, "node_modules/@types/yauzl": { - "version": "2.10.1", - "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.1.tgz", - "integrity": "sha512-CHzgNU3qYBnp/O4S3yv2tXPlvMTq0YWSTVg2/JYLqWZGHwwgJGAwd00poay/11asPq8wLFwHzubyInqHIFmmiw==", + "version": "2.10.2", + "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.2.tgz", + "integrity": "sha512-Km7XAtUIduROw7QPgvcft0lIupeG8a8rdKL8RiSyKvlE7dYY31fEn41HVuQsRFDuROA8tA4K2UVL+WdfFmErBA==", "optional": true, "dependencies": { "@types/node": "*" @@ -367,12 +370,13 @@ } }, "node_modules/call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", + "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", "dependencies": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.1", + "set-function-length": "^1.1.1" }, "funding": { "url": "https://github.com/sponsors/ljharb" 
@@ -553,6 +557,19 @@ "ms": "2.0.0" } }, + "node_modules/define-data-property": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", + "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "dependencies": { + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", @@ -813,9 +830,12 @@ "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==" }, "node_modules/function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, "node_modules/get-caller-file": { "version": "2.0.5", 
@@ -826,14 +846,14 @@ } }, "node_modules/get-intrinsic": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz", - "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", + "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", "dependencies": { - "function-bind": "^1.1.1", - "has": "^1.0.3", + "function-bind": "^1.1.2", "has-proto": "^1.0.1", - "has-symbols": "^1.0.3" + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -872,22 +892,22 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==" }, - "node_modules/has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "dependencies": { - "function-bind": "^1.1.1" - }, - "engines": { - "node": ">= 0.4.0" - } - }, "node_modules/has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", 
@@ -896,6 +916,17 @@ "node": ">=4" } }, + "node_modules/has-property-descriptors": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.1.tgz", + "integrity": "sha512-VsX8eaIewvas0xnvinAe9bw4WfIeODpGYikiWYLH+dma0Jw6KHYqWiWfhQlgOVK8D6PvjubK5Uc4P0iIhIcNVg==", + "dependencies": { + "get-intrinsic": "^1.2.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/has-proto": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", @@ -918,6 +949,17 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/hasown": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", + "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/http-errors": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", @@ -1317,9 +1359,9 @@ } }, "node_modules/object-inspect": { - "version": "1.12.3", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", - "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==", + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==", "funding": { "url": "https://github.com/sponsors/ljharb" } 
@@ -1703,6 +1745,20 @@ "node": ">= 0.8.0" } }, + "node_modules/set-function-length": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", + "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "dependencies": { + "define-data-property": "^1.1.1", + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/setimmediate": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", @@ -1853,6 +1909,12 @@ "through": "^2.3.8" } }, + "node_modules/undici-types": { + "version": "5.25.3", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.25.3.tgz", + "integrity": "sha512-Ga1jfYwRn7+cP9v8auvEXN1rX3sWqlayd4HP7OKk4mZWylEmu3KzXDUGrQUN6Ol7qo1gPvB2e5gX6udnyEPgdA==", + "optional": true + }, "node_modules/unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", diff --git a/gramex/apps/ui/package-lock.json b/gramex/apps/ui/package-lock.json index 7eefa0edd..c12319527 100644 --- a/gramex/apps/ui/package-lock.json +++ b/gramex/apps/ui/package-lock.json @@ -15,9 +15,9 @@ } }, "node_modules/@colors/colors": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz", - "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "integrity": "sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA==", "engines": { "node": ">=0.1.90" } 
@@ -382,9 +382,9 @@ } }, "node_modules/@types/triple-beam": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.3.tgz", - "integrity": "sha512-6tOUG+nVHn0cJbVp25JFayS5UE6+xlbcNF9Lo9mU7U0zk3zeUShZied4YEQZjy1JBF043FSkdXw8YkUJuVtB5g==" + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.4.tgz", + "integrity": "sha512-HlJjF3wxV4R2VQkFpKe0YqJLilYNgtRtsqqZtby7RkVsSs+i+vbyzjtUwpFEdUCKcrGzCiEJE7F/0mKjh0sunA==" }, "node_modules/accepts": { "version": "1.3.8", @@ -592,12 +592,13 @@ } }, "node_modules/call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", + "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", "dependencies": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.1", + "set-function-length": "^1.1.1" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -779,9 +780,9 @@ "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" }, "node_modules/comicgen": { - "version": "1.9.7", - "resolved": "https://registry.npmjs.org/comicgen/-/comicgen-1.9.7.tgz", - "integrity": "sha512-kHjM/zhZn2cOubgiMR7B2IXLex86tIg/EbwnRRPpWS4hatqhKWrvonjtHjQ9ZLS0fklCevTAjA156NSNjan5EQ==", + "version": "1.9.8", + "resolved": "https://registry.npmjs.org/comicgen/-/comicgen-1.9.8.tgz", + "integrity": "sha512-tdqC8yh0qHnKlqLrj6rtzMUImZZn512xLWGGWyAFoc1OnmUWk9dobz96dJ6yOzYELcLQhfrp7h2i5dVv4zWNIw==", "hasInstallScript": true, "dependencies": { "body-parser": "1", 
@@ -901,6 +902,19 @@ "node": ">=4.0.0" } }, + "node_modules/define-data-property": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", + "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "dependencies": { + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", @@ -1258,19 +1272,22 @@ } }, "node_modules/function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, "node_modules/get-intrinsic": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz", - "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", + "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", "dependencies": { - "function-bind": "^1.1.1", - "has": "^1.0.3", + "function-bind": "^1.1.2", "has-proto": "^1.0.1", - "has-symbols": "^1.0.3" + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" }, "funding": { "url": "https://github.com/sponsors/ljharb" 
@@ -1310,20 +1327,31 @@ "node": ">= 6" } }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/hachure-fill": { "version": "0.5.2", "resolved": "https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz", "integrity": "sha512-3GKBOn+m2LX9iq+JC1064cSFprJY4jL1jCXTcpnfER5HYE2l/4EfWSGzkPa/ZDBmYI0ZOEj5VHV/eKnPGkHuOg==" }, - "node_modules/has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "node_modules/has-property-descriptors": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.1.tgz", + "integrity": "sha512-VsX8eaIewvas0xnvinAe9bw4WfIeODpGYikiWYLH+dma0Jw6KHYqWiWfhQlgOVK8D6PvjubK5Uc4P0iIhIcNVg==", "dependencies": { - "function-bind": "^1.1.1" + "get-intrinsic": "^1.2.2" }, - "engines": { - "node": ">= 0.4.0" + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, "node_modules/has-proto": { @@ -1348,6 +1376,17 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/hasown": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", + "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/hsluv": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/hsluv/-/hsluv-0.0.3.tgz", 
@@ -1533,16 +1572,19 @@ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "node_modules/logform": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/logform/-/logform-2.5.1.tgz", - "integrity": "sha512-9FyqAm9o9NKKfiAKfZoYo9bGXXuwMkxQiQttkT4YjjVtQVIQtK6LmVtlxmCaFswo6N4AfEkHqZTV0taDtPotNg==", + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "integrity": "sha512-1ulHeNPp6k/LD8H91o7VYFBng5i1BDE7HoKxVbZiGFidS1Rj65qcywLxX+pVfAPoQJEjRdvKcusKwOupHCVOVQ==", "dependencies": { - "@colors/colors": "1.5.0", + "@colors/colors": "1.6.0", "@types/triple-beam": "^1.3.2", "fecha": "^4.2.0", "ms": "^2.1.1", "safe-stable-stringify": "^2.3.1", "triple-beam": "^1.3.0" + }, + "engines": { + "node": ">= 12.0.0" } }, "node_modules/logform/node_modules/ms": { @@ -1691,9 +1733,9 @@ } }, "node_modules/node-abi": { - "version": "3.47.0", - "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.47.0.tgz", - "integrity": "sha512-2s6B2CWZM//kPgwnuI0KrYwNjfdByE25zvAaEpq9IH4zcNsarH8Ihu/UuX6XMPEogDAxkuUFeZn60pXNHAqn3A==", + "version": "3.51.0", + "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.51.0.tgz", + "integrity": "sha512-SQkEP4hmNWjlniS5zdnfIXTk1x7Ome85RDzHlTbBtzE97Gfwz/Ipw4v/Ryk20DWIy3yCNVLVlGKApCnmvYoJbA==", "dependencies": { "semver": "^7.3.5" }, @@ -1734,9 +1776,9 @@ } }, "node_modules/object-inspect": { - "version": "1.12.3", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", - "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==", + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==", "funding": { "url": "https://github.com/sponsors/ljharb" } 
@@ -2027,9 +2069,9 @@ } }, "node_modules/roughjs": { - "version": "4.6.4", - "resolved": "https://registry.npmjs.org/roughjs/-/roughjs-4.6.4.tgz", - "integrity": "sha512-s6EZ0BntezkFYMf/9mGn7M8XGIoaav9QQBCnJROWB3brUWQ683Q2LbRD/hq0Z3bAJ/9NVpU/5LpiTWvQMyLDhw==", + "version": "4.6.5", + "resolved": "https://registry.npmjs.org/roughjs/-/roughjs-4.6.5.tgz", + "integrity": "sha512-4Q6XBbZWlp8yj1uipq2bQ1CPlxMhW/ukufwkuhh+2L79utk+O5kMSbfVh4UNBMtKJ3PxHQ9Ou3ncNt1iQcphJA==", "dependencies": { "hachure-fill": "^0.5.2", "path-data-parser": "^0.1.0", @@ -2070,9 +2112,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/sass": { - "version": "1.68.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.68.0.tgz", - "integrity": "sha512-Lmj9lM/fef0nQswm1J2HJcEsBUba4wgNx2fea6yJHODREoMFnwRpZydBnX/RjyXw2REIwdkbqE4hrTo4qfDBUA==", + "version": "1.69.4", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.69.4.tgz", + "integrity": "sha512-+qEreVhqAy8o++aQfCJwp0sklr2xyEzkm9Pp/Igu9wNPoe7EZEQ8X/MBvvXggI2ql607cxKg/RKOwDj6pp2XDA==", "dependencies": { "chokidar": ">=3.0.0 <4.0.0", "immutable": "^4.0.0", @@ -2141,6 +2183,20 @@ "node": ">= 0.8.0" } }, + "node_modules/set-function-length": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", + "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "dependencies": { + "define-data-property": "^1.1.1", + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", 
@@ -2411,11 +2467,11 @@ } }, "node_modules/winston": { - "version": "3.10.0", - "resolved": "https://registry.npmjs.org/winston/-/winston-3.10.0.tgz", - "integrity": "sha512-nT6SIDaE9B7ZRO0u3UvdrimG0HkB7dSTAgInQnNR2SOPJ4bvq5q79+pXLftKmP52lJGW15+H5MCK0nM9D3KB/g==", + "version": "3.11.0", + "resolved": "https://registry.npmjs.org/winston/-/winston-3.11.0.tgz", + "integrity": "sha512-L3yR6/MzZAOl0DsysUXHVjOwv8mKZ71TrA/41EIduGpOOV5LQVodqN+QdQ6BS6PJ/RdIshZhq84P/fStEZkk7g==", "dependencies": { - "@colors/colors": "1.5.0", + "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.2", "async": "^3.2.3", "is-stream": "^2.0.0", @@ -2449,16 +2505,16 @@ } }, "node_modules/winston-transport": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.5.0.tgz", - "integrity": "sha512-YpZzcUzBedhlTAfJg6vJDlyEai/IFMIVcaEZZyl3UXIl4gmqRpU7AE89AHLkbzLUsv0NVmw7ts+iztqKxxPW1Q==", + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.6.0.tgz", + "integrity": "sha512-wbBA9PbPAHxKiygo7ub7BYRiKxms0tpfU2ljtWzb3SjRjv5yl6Ozuy/TkXf00HTAt+Uylo3gSkNwzc4ME0wiIg==", "dependencies": { "logform": "^2.3.2", "readable-stream": "^3.6.0", "triple-beam": "^1.3.0" }, "engines": { - "node": ">= 6.4.0" + "node": ">= 12.0.0" } }, "node_modules/wrappy": { diff --git a/gramex/cache.py b/gramex/cache.py index 8fc61874f..68f445ce7 100644 --- a/gramex/cache.py +++ b/gramex/cache.py @@ -573,7 +573,7 @@ def urlfetch(url: str, info: bool = False, **kwargs: dict) -> Union[str, Dict]: return {'name': url, 'r': None, 'url': None, 'ext': ext, 'content_type': content_type} else: return url - r = requests.get(url, **kwargs) + r = requests.get(url, **kwargs) # nosec B113 - timeout is controlled by kwargs if 'Content-Type' in r.headers: content_type = r.headers['Content-Type'].split(';')[0] ext = mimetypes.guess_extension(content_type, strict=False) 
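Review bot: The `# nosec B113 - timeout is controlled by kwargs` comment on `r = requests.get(url, **kwargs)` in `urlfetch` silences the scanner without bounding the request. requests has no default timeout, so any caller that omits `timeout` can still block indefinitely. Setting a default before the call, `kwargs.setdefault('timeout', 30)`, keeps caller control and lets the suppression be dropped. The bandit report in this patch shows the "specifically disabled" count rising from 47 to 48, so this site is hidden rather than resolved. The body of `urlfetch` starts and continues outside the hunk.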
diff --git a/gramex/install.py b/gramex/install.py index 6ad655411..ddf3610cc 100644 --- a/gramex/install.py +++ b/gramex/install.py @@ -740,7 +740,7 @@ def run_install(config): else: # Otherwise, assume that it's a URL containing a ZIP file app_log.info(f'Downloading: {url}') - response = requests.get(url) + response = requests.get(url, timeout=30) response.raise_for_status() handle = io.BytesIO(response.content) diff --git a/gramex/ml.py b/gramex/ml.py index a5ca56cc4..0b2e4eb54 100644 --- a/gramex/ml.py +++ b/gramex/ml.py @@ -300,7 +300,9 @@ def _google_translate(q, source, target, key): if source: params['source'] = source try: - r = requests.post('https://translation.googleapis.com/language/translate/v2', data=params) + r = requests.post( + 'https://translation.googleapis.com/language/translate/v2', data=params, timeout=30 + ) except requests.RequestException: return app_log.exception('Cannot connect to Google Translate') response = r.json() @@ -518,7 +520,7 @@ def languagetool_download(): os.makedirs(target) src = _languagetool['defaults']['LT_SRC'].format(**_languagetool['defaults']) app_log.info(f'Downloading languagetools from {src}') - stream = io.BytesIO(requests.get(src).content) + stream = io.BytesIO(requests.get(src, timeout=600).content) app_log.info(f'Unzipping languagetools to {target}') zipfile.ZipFile(stream).extractall(target) _languagetool['installed'] = True diff --git a/gramex/pptgen/commands.py b/gramex/pptgen/commands.py index dafcc4f0c..a2e535be8 100644 --- a/gramex/pptgen/commands.py +++ b/gramex/pptgen/commands.py @@ -133,7 +133,7 @@ def image(shape, spec, data): image = template(spec['image'], data) # If it's a URL, use the requests library's raw stream as a file-like object if urlparse(image).netloc: - r = requests.get(image) + r = requests.get(image, timeout=30) with tempfile.NamedTemporaryFile(delete=False) as handle: handle.write(r.content) new_img_part, new_rid = shape.part.get_or_add_image_part(handle.name) 
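Review bot: `requests.get(url, timeout=30)` in `run_install` bounds the connect and each socket read, not the whole transfer. `response.content` still buffers the entire ZIP in memory, so a slow-trickling or oversized response is not capped by this change. If a hard limit is intended, stream the body with `stream=True` and `iter_content`, and stop once a byte or wall-clock budget is exceeded. The same applies to `requests.get(src, timeout=600).content` in `languagetool_download` in gramex/ml.py, where a `(connect, read)` tuple such as `timeout=(10, 600)` would also fail fast on an unreachable host. The body of `run_install` extends outside the hunk.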
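Review bot: In `image` (gramex/pptgen/commands.py), the response from `r = requests.get(image, timeout=30)` is written to the temp file without a status check, so an HTTP error page would be passed to `get_or_add_image_part` as if it were image data. Adding `r.raise_for_status()` right after the request surfaces the failure at the fetch. The pptgen2 version, `content = requests.get(val, timeout=30).content`, has the same gap. The URL comes from `template(spec['image'], data)`, so if the spec or data can carry untrusted values, an allow-list on scheme and host before fetching would be worth considering. The hunk does not show the `delete=False` temp file being removed, and the function continues outside it.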
diff --git a/gramex/pptgen2/commands.py b/gramex/pptgen2/commands.py index 4a65964c1..6769016e7 100644 --- a/gramex/pptgen2/commands.py +++ b/gramex/pptgen2/commands.py @@ -552,7 +552,7 @@ def image(shape, spec, data: dict): if val is not None: # Load image contents as a bytestring if urlparse(val).netloc: - content = requests.get(val).content + content = requests.get(val, timeout=30).content else: content = gramex.cache.open(val, 'bin') # Add the image part diff --git a/gramex/services/sms.py b/gramex/services/sms.py index 0e45879a3..8fe6203c2 100644 --- a/gramex/services/sms.py +++ b/gramex/services/sms.py @@ -111,11 +111,12 @@ def send(self, to, subject, sender=None): 'Body': subject, 'Priority': self.priority, }, + timeout=30, ) return self._handle_response(r) def status(self, result): - r = requests.get(self.host + result['Uri']) + r = requests.get(self.host + result['Uri'], timeout=30) return self._handle_response(r) diff --git a/pyproject.toml b/pyproject.toml index 27c38171a..ef43a4416 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "gramex" -version = "1.93.2" +version = "1.93.3" description = "Gramex: Low Code Data Solutions Platform" # People with 2+ contributions on https://github.com/gramener/gramex/graphs/contributors authors = [ diff --git a/reports/bandit.txt b/reports/bandit.txt index 71b26fb1e..b8e29d86f 100644 --- a/reports/bandit.txt +++ b/reports/bandit.txt 
@@ -1,120 +1,23 @@ Working... ---------------------------------------- 100% 0:00:02 -Run started:2023-10-03 09:35:31.562080 +Run started:2023-10-23 22:10:24.995737 Test results: ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\__init__.py:365:8 -364 -365 r = requests.post(url, data=json.dumps(logs)) -366 r.raise_for_status() - --------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\cache.py:576:8 -575 return url -576 r = requests.get(url, **kwargs) -577 if 'Content-Type' in r.headers: - --------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\install.py:743:19 -742 app_log.info(f'Downloading: {url}') -743 response = requests.get(url) -744 response.raise_for_status() - --------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\ml.py:303:12 -302 try: -303 r = requests.post('https://translation.googleapis.com/language/translate/v2', data=params) -304 except requests.RequestException: - 
--------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\ml.py:521:24 -520 app_log.info(f'Downloading languagetools from {src}') -521 stream = io.BytesIO(requests.get(src).content) -522 app_log.info(f'Unzipping languagetools to {target}') - --------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\pptgen2\commands.py:555:22 -554 if urlparse(val).netloc: -555 content = requests.get(val).content -556 else: - --------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\pptgen\commands.py:136:12 -135 if urlparse(image).netloc: -136 r = requests.get(image) -137 with tempfile.NamedTemporaryFile(delete=False) as handle: - --------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\services\sms.py:106:12 -105 def send(self, to, subject, sender=None): -106 r = requests.post( -107 self.send_url, -108 { -109 'From': sender or self.sid, -110 'To': to, -111 'Body': subject, -112 
'Priority': self.priority, -113 }, -114 ) -115 return self._handle_response(r) - --------------------------------------------------- ->> Issue: [B113:request_without_timeout] Requests call without timeout - Severity: Medium Confidence: Low - CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html) - More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html - Location: gramex\services\sms.py:118:12 -117 def status(self, result): -118 r = requests.get(self.host + result['Uri']) -119 return self._handle_response(r) - --------------------------------------------------- + No issues identified. Code scanned: - Total lines of code: 18524 + Total lines of code: 18528 Total lines skipped (#nosec): 10 - Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 47 + Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 48 Run metrics: Total issues (by severity): Undefined: 0 Low: 0 - Medium: 9 + Medium: 0 High: 0 Total issues (by confidence): Undefined: 0 - Low: 9 + Low: 0 Medium: 0 High: 0 Files skipped (0): diff --git a/reports/clamav.txt b/reports/clamav.txt index a3e751847..491852601 100644 --- a/reports/clamav.txt +++ b/reports/clamav.txt @@ -603,13 +603,13 @@ C:\code\cto\gramex\tests\vegam.yaml: OK C:\code\cto\gramex\tests\__init__.py: OK ----------- SCAN SUMMARY ----------- -Known viruses: 8674047 +Known viruses: 8676590 Engine version: 1.2.0 Scanned directories: 90 Scanned files: 579 Infected files: 0 Data scanned: 6.90 MB Data read: 3.05 MB (ratio 2.26:1) -Time: 19.751 sec (0 m 19 s) -Start Date: 2023:10:03 15:05:49 -End Date: 2023:10:03 15:06:09 +Time: 17.396 sec (0 m 17 s) +Start Date: 2023:10:24 06:10:25 +End Date: 2023:10:24 06:10:42 diff --git a/reports/loc.csv b/reports/loc.csv index a605711cf..97f7b8753 100644 --- a/reports/loc.csv +++ b/reports/loc.csv @@ -1,4 +1,4 @@ type,loc -Python,23116 +Python,23117 JavaScript,3557 Tests,15797 
diff --git a/reports/snyk.txt b/reports/snyk.txt index 52872f890..4a15471ca 100644 --- a/reports/snyk.txt +++ b/reports/snyk.txt @@ -28,7 +28,7 @@ Open source: no Project path: C:\code\cto\gramex Licenses: enabled -✔ Tested 187 dependencies for known issues, no vulnerable paths found. +✔ Tested 192 dependencies for known issues, no vulnerable paths found. Next steps: - Run `snyk monitor` to be notified about new related vulnerabilities. @@ -75,12 +75,12 @@ Next steps: Testing C:\code\cto\gramex... -Tested 227 dependencies for known issues, found 1 issue, 1 vulnerable path. +Tested 231 dependencies for known issues, found 1 issue, 1 vulnerable path. Issues with no direct upgrade or patch: ✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7 - introduced by comicgen@1.9.7 > sharp@0.30.7 + introduced by comicgen@1.9.8 > sharp@0.30.7 This issue was fixed in versions: 0.32.6 diff --git a/reports/syft.txt b/reports/syft.txt index 384518ca9..1e38a0d7c 100644 --- a/reports/syft.txt +++ b/reports/syft.txt @@ -2,7 +2,7 @@ NAME VERSION TYPE @babel/code-frame 7.22.13 npm @babel/helper-validator-identifier 7.22.20 npm @babel/highlight 7.22.20 npm -@colors/colors 1.5.0 npm +@colors/colors 1.6.0 npm @dabh/diagnostics 2.0.3 npm @esbuild/android-arm 0.18.20 npm @esbuild/android-arm64 0.18.20 npm @@ -30,9 +30,9 @@ NAME VERSION TYPE @puppeteer/browsers 0.5.0 npm @swc/helpers 0.4.14 npm @swc/helpers 0.4.36 npm -@types/node 20.8.2 npm -@types/triple-beam 1.3.3 npm -@types/yauzl 2.10.1 npm +@types/node 20.8.7 npm +@types/triple-beam 1.3.4 npm +@types/yauzl 2.10.2 npm accepts 1.3.8 npm agent-base 6.0.2 npm almost-equal 1.1.0 npm @@ -63,7 +63,7 @@ brotli 1.3.3 npm buffer 5.7.1 npm buffer-crc32 0.2.13 npm bytes 3.1.2 npm -call-bind 1.0.2 npm +call-bind 1.0.5 npm callsites 3.1.0 npm capture 1.0.0 npm chalk 2.4.2 npm 
@@ -87,7 +87,7 @@ color-parse 1.4.3 npm color-space 1.16.0 npm color-string 1.9.1 npm colorspace 1.1.4 npm -comicgen 1.9.7 npm +comicgen 1.9.8 npm compress-commons 4.1.2 npm concat-map 0.0.1 npm content-disposition 0.5.4 npm @@ -106,6 +106,7 @@ debug 2.6.9 npm debug 4.3.4 npm decompress-response 6.0.0 npm deep-extend 0.6.0 npm +define-data-property 1.1.1 npm delegate 3.2.0 npm depd 2.0.0 npm destroy 1.2.0 npm @@ -145,22 +146,24 @@ fresh 0.5.2 npm fs-constants 1.0.0 npm fs.realpath 1.0.0 npm fsevents 2.3.3 npm -function-bind 1.1.1 npm +function-bind 1.1.2 npm get-caller-file 2.0.5 npm -get-intrinsic 1.2.1 npm +get-intrinsic 1.2.2 npm get-stream 5.2.0 npm github-from-package 0.0.0 npm glob 7.2.3 npm glob 8.1.0 npm glob-parent 5.1.2 npm good-listener 1.2.2 npm +gopd 1.0.1 npm graceful-fs 4.2.11 npm gramex-apps-ui npm hachure-fill 0.5.2 npm -has 1.0.3 npm has-flag 3.0.0 npm +has-property-descriptors 1.0.1 npm has-proto 1.0.1 npm has-symbols 1.0.3 npm +hasown 2.0.0 npm hsluv 0.0.3 npm htmlparser2 6.1.0 npm http-errors 2.0.0 npm @@ -201,7 +204,7 @@ lodash.difference 4.5.0 npm lodash.flatten 4.4.0 npm lodash.isplainobject 4.0.6 npm lodash.union 4.6.0 npm -logform 2.5.1 npm +logform 2.6.0 npm logviewer 0.0.1 npm lru-cache 6.0.0 npm media-typer 0.3.0 npm @@ -224,13 +227,13 @@ mumath 3.3.4 npm mustache 4.2.0 npm napi-build-utils 1.0.2 npm negotiator 0.6.3 npm -node-abi 3.47.0 npm +node-abi 3.51.0 npm node-addon-api 5.1.0 npm node-fetch 2.6.7 npm normalize-path 3.0.0 npm nth-check 2.1.1 npm object-hash 2.2.0 npm -object-inspect 1.12.3 npm +object-inspect 1.13.1 npm officegen 0.6.5 npm on-finished 2.4.1 npm once 1.4.0 npm 
@@ -273,16 +276,17 @@ require-directory 2.1.1 npm resolve-from 4.0.0 npm restructure 3.0.0 npm rimraf 3.0.2 npm -roughjs 4.6.4 npm +roughjs 4.6.5 npm safe-buffer 5.1.2 npm safe-buffer 5.2.1 npm safe-stable-stringify 2.4.3 npm safer-buffer 2.1.2 npm -sass 1.68.0 npm +sass 1.69.4 npm select 1.1.2 npm semver 7.5.4 npm send 0.18.0 npm serve-static 1.15.0 npm +set-function-length 1.1.1 npm setimmediate 1.0.5 npm setprototypeof 1.2.0 npm sharp 0.30.7 npm @@ -316,6 +320,7 @@ type-is 1.6.18 npm uifactory npm uifactory 0.0.4 npm unbzip2-stream 1.4.3 npm +undici-types 5.25.3 npm unicode-properties 1.4.1 npm unicode-trie 2.0.0 npm unpipe 1.0.0 npm @@ -326,9 +331,9 @@ vegam 0.0.4 npm webidl-conversions 3.0.1 npm whatwg-url 5.0.0 npm which 2.0.2 npm -winston 3.10.0 npm +winston 3.11.0 npm winston-daily-rotate-file 4.7.1 npm -winston-transport 4.5.0 npm +winston-transport 4.6.0 npm wrap-ansi 7.0.0 npm wrappy 1.0.2 npm ws 8.13.0 npm