Upgrade sqlalchemy 13.16 -> 1.3.24 and starlette 0.19.1 -> 0.25.0, ar…

…iadne 0.13 -> 0.17, fastapi 0.78 -> 0.92 (#379) ### Feature or Bugfix - Bugfix ### Detail - Upgrade starlette version: vulnerability found in starlette <0.25 (https://security.snyk.io/vuln/SNYK-PYTHON-STARLETTE-3319937). It does not affect data.all as we do not use `python-multipart` but nevertheless it is better to be in a non-vulnerable version. - Upgrade sqlalchemy version: the vulnerability is not stopping the CICD pipeline, but by upgrading we are able to use the latest version of alembic and we can revert the pinning of the version which happened in #354 - Upgrade ariadne to version 0.17.0: needed to support starlette 0.25.0 Higher version of ariadne==0.18.0 removes `PLAYGROUND_HTML` constant that we use in testing (Check [docs](https://ariadnegraphql.org/docs/0.17/constants-reference)) - Upgrade fastapi version to 0.92.0: needed to support starlette 0.25.0 (Version that supports this particular version of starlette, [docs](https://fastapi.tiangolo.com/release-notes/#0920)) ### Relates - #378 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
data-dot-all · Mar 20, 2023 · 4002963 · 4002963
1 parent 171a75c
commit 4002963
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/Makefile b/Makefile
@@ -76,12 +76,12 @@ assume-role:
 	rm .assume_role_json
 
 drop-tables: upgrade-pip install-backend
-	pip install 'alembic==1.9.4'
+	pip install 'alembic'
 	export PYTHONPATH=./backend && \
 	python backend/migrations/drop_tables.py
 
 upgrade-db: upgrade-pip install-backend
-	pip install 'alembic==1.9.4'
+	pip install 'alembic'
 	export PYTHONPATH=./backend && \
 	alembic -c backend/alembic.ini upgrade head
 

diff --git a/backend/dataall/cdkproxy/requirements.txt b/backend/dataall/cdkproxy/requirements.txt
@@ -5,7 +5,8 @@ boto3-stubs==1.24.85
 botocore==1.27.85
 cdk-nag==2.7.2
 constructs==10.0.73
-fastapi==0.78.0
+starlette==0.25.0
+fastapi == 0.92.0
 Flask==2.0.3
 PyYAML==6.0
 requests==2.27.1

diff --git a/backend/requirements.txt b/backend/requirements.txt
@@ -1,7 +1,8 @@
-ariadne==0.13.0
+ariadne==0.17.0
 aws-xray-sdk==2.4.3
 boto3==1.24.85
 botocore==1.27.85
+fastapi == 0.92.0
 Flask==2.0.3
 flask-cors==3.0.10
 nanoid==2.0.0
@@ -12,4 +13,5 @@ pyjwt==2.4.0
 PyYAML==6.0
 requests==2.27.1
 requests_aws4auth==1.1.1
-sqlalchemy==1.3.16
+sqlalchemy==1.3.24
+starlette==0.25.0
diff --git a/deploy/stacks/dbmigration.py b/deploy/stacks/dbmigration.py
@@ -108,7 +108,7 @@ def __init__(
                                 'python -m venv env',
                                 '. env/bin/activate',
                                 'pip install -r backend/requirements.txt',
-                                'pip install "alembic==1.9.4"',
+                                'pip install alembic',
                                 'export PYTHONPATH=backend',
                                 f'export envname={envname}',
                                 f'alembic -c backend/alembic.ini upgrade head',