From e07a81b3bd1fd44e6dc6497cfadc5aabbbe33213 Mon Sep 17 00:00:00 2001
From: dlpzx
Date: Tue, 6 Feb 2024 10:25:33 +0100
Subject: [PATCH 1/2] Update starlette version and dependecies to avoid ReDoS
---
 backend/dataall/base/cdkproxy/requirements.txt | 4 ++--
 backend/requirements.txt | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/backend/dataall/base/cdkproxy/requirements.txt b/backend/dataall/base/cdkproxy/requirements.txt
index 15874c98f..883dd5d08 100644
--- a/backend/dataall/base/cdkproxy/requirements.txt
+++ b/backend/dataall/base/cdkproxy/requirements.txt
@@ -4,8 +4,8 @@ boto3-stubs==1.24.85
 botocore==1.27.85
 cdk-nag==2.7.2
 constructs==10.0.73
-starlette==0.27.0
-fastapi == 0.95.2
+starlette==0.36.3
+fastapi == 0.109.2
 Flask==2.3.2
 PyYAML==6.0
 requests==2.31.0
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 16f1de1bc..c27b9af1a 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1,8 +1,8 @@
-ariadne==0.17.0
+ariadne==0.22.0
 aws-xray-sdk==2.4.3
 boto3==1.26.95
 botocore==1.29.95
-fastapi == 0.95.2
+fastapi == 0.109.2
 Flask==2.3.2
 flask-cors==3.0.10
 nanoid==2.0.0
@@ -14,4 +14,4 @@ PyYAML==6.0
 requests==2.31.0
 requests_aws4auth==1.1.1
 sqlalchemy==1.3.24
-starlette==0.27.0
\ No newline at end of file
+starlette==0.36.3
\ No newline at end of file
From af49e98fd0d83862d7c6c5a5ad49fa49e1ffb1df Mon Sep 17 00:00:00 2001
From: dlpzx
Date: Tue, 6 Feb 2024 10:31:51 +0100
Subject: [PATCH 2/2] Downgrade ariadne
---
 backend/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/requirements.txt b/backend/requirements.txt
index c27b9af1a..bf8128150 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1,4 +1,4 @@
-ariadne==0.22.0
+ariadne==0.17.0
 aws-xray-sdk==2.4.3
 boto3==1.26.95
 botocore==1.29.95