From 46dc5a347dde49f72798ed78db3a65b1cf53bdde Mon Sep 17 00:00:00 2001
From: Roman Ivaniuk <ivaniuk.r.i@gmail.com>
Date: Wed, 28 Jun 2023 15:46:15 +0300
Subject: [PATCH] [Snyk] Security upgrade cryptography from 40.0.1 to 41.0.0
 (#1324)

* fix: requirements/full_requirements.txt to reduce vulnerabilities


The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682

* Bump extra dependencies

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Oleksandr Fedorov <2283679+o-fedorov@users.noreply.github.com>
---
 requirements/full_requirements.txt | 66 +++++++++++++-----------------
 1 file changed, 29 insertions(+), 37 deletions(-)

diff --git a/requirements/full_requirements.txt b/requirements/full_requirements.txt
index 0962468a3..8677ff34b 100644
--- a/requirements/full_requirements.txt
+++ b/requirements/full_requirements.txt
@@ -1,8 +1,8 @@
 #
-# This file is autogenerated by pip-compile with Python 3.9
+# This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
-#    pip-compile --output-file=full_requirements.txt mlflow_requirements.in postgres_requirements.in requirements.in
+#    pip-compile --output-file=full_requirements.txt --resolver=backtracking mlflow_requirements.in postgres_requirements.in requirements.in
 #
 absl-py==1.4.0
     # via
@@ -29,7 +29,7 @@ azure-common==1.1.28
     #   azure-mgmt-resource
     #   azure-mgmt-storage
     #   azureml-core
-azure-core==1.27.0
+azure-core==1.27.1
     # via
     #   azure-mgmt-core
     #   azureml-core
@@ -53,7 +53,7 @@ azure-mgmt-resource==22.0.0
     # via azureml-core
 azure-mgmt-storage==21.0.0
     # via azureml-core
-azureml-core==1.51.0
+azureml-core==1.52.0
     # via -r mlflow_requirements.in
 backports-tempfile==1.0
     # via azureml-core
@@ -89,9 +89,9 @@ cloudpickle==2.2.1
     # via mlflow
 contextlib2==21.6.0
     # via azureml-core
-contourpy==1.0.7
+contourpy==1.1.0
     # via matplotlib
-cryptography==40.0.2
+cryptography==41.0.1
     # via
     #   adal
     #   azureml-core
@@ -104,7 +104,7 @@ cycler==0.11.0
     # via matplotlib
 databricks-cli==0.17.7
     # via mlflow
-dataclasses-json==0.5.7
+dataclasses-json==0.5.8
     # via -r requirements.in
 dictdiffer==0.9.0
     # via -r requirements.in
@@ -120,7 +120,7 @@ flask==2.3.2
     #   mlflow
 flatbuffers==23.5.26
     # via tensorflow
-fonttools==4.39.4
+fonttools==4.40.0
     # via matplotlib
 gast==0.4.0
     # via tensorflow
@@ -128,7 +128,7 @@ gitdb==4.0.10
     # via gitpython
 gitpython==3.1.31
     # via mlflow
-google-auth==2.19.1
+google-auth==2.21.0
     # via
     #   google-auth-oauthlib
     #   tensorboard
@@ -136,15 +136,15 @@ google-auth-oauthlib==1.0.0
     # via tensorboard
 google-pasta==0.2.0
     # via tensorflow
-gordo-client==6.2.0
+gordo-client==6.2.2
     # via -r requirements.in
-gordo-core==0.3.1
+gordo-core==0.3.2
     # via gordo-client
 graphviz==0.20.1
     # via catboost
 greenlet==2.0.2
     # via sqlalchemy
-grpcio==1.54.2
+grpcio==1.56.0
     # via
     #   tensorboard
     #   tensorflow
@@ -152,7 +152,7 @@ gunicorn==20.1.0
     # via
     #   -r requirements.in
     #   mlflow
-h5py==3.8.0
+h5py==3.9.0
     # via
     #   -r requirements.in
     #   tensorflow
@@ -160,14 +160,8 @@ humanfriendly==10.0
     # via azureml-core
 idna==3.4
     # via requests
-importlib-metadata==6.6.0
-    # via
-    #   flask
-    #   jax
-    #   markdown
-    #   mlflow
-importlib-resources==5.12.0
-    # via matplotlib
+importlib-metadata==6.7.0
+    # via mlflow
 influxdb==5.3.1
     # via gordo-core
 isodate==0.6.1
@@ -176,7 +170,7 @@ isodate==0.6.1
     #   msrest
 itsdangerous==2.1.2
     # via flask
-jax==0.4.11
+jax==0.4.13
     # via tensorflow
 jeepney==0.8.0
     # via secretstorage
@@ -222,9 +216,9 @@ matplotlib==3.7.1
     # via
     #   catboost
     #   mlflow
-ml-dtypes==0.1.0
+ml-dtypes==0.2.0
     # via jax
-mlflow==2.3.2
+mlflow==2.4.1
     # via -r mlflow_requirements.in
 msal==1.22.0
     # via
@@ -307,13 +301,13 @@ pillow==9.5.0
     # via matplotlib
 pkginfo==1.9.6
     # via azureml-core
-plotly==5.14.1
+plotly==5.15.0
     # via catboost
 portalocker==2.7.0
     # via msal-extensions
 prometheus-client==0.17.0
     # via -r requirements.in
-protobuf==4.23.2
+protobuf==4.23.3
     # via
     #   mlflow
     #   tensorboard
@@ -333,7 +327,7 @@ pyasn1-modules==0.3.0
     # via google-auth
 pycparser==2.21
     # via cffi
-pydantic==1.10.8
+pydantic==1.10.9
     # via gordo-client
 pygments==2.15.1
     # via knack
@@ -349,7 +343,7 @@ pyopenssl==23.2.0
     # via
     #   azureml-core
     #   ndg-httpsclient
-pyparsing==3.0.9
+pyparsing==3.1.0
     # via
     #   matplotlib
     #   packaging
@@ -400,7 +394,7 @@ scikit-learn==1.2.2
     # via
     #   gordo-core
     #   mlflow
-scipy==1.10.1
+scipy==1.11.0
     # via
     #   catboost
     #   jax
@@ -428,7 +422,7 @@ six==1.16.0
     #   tensorflow
 smmap==5.0.0
     # via gitdb
-sqlalchemy==2.0.15
+sqlalchemy==2.0.17
     # via
     #   alembic
     #   mlflow
@@ -442,7 +436,7 @@ tenacity==8.2.2
     # via plotly
 tensorboard==2.12.3
     # via tensorflow
-tensorboard-data-server==0.7.0
+tensorboard-data-server==0.7.1
     # via tensorboard
 tensorflow==2.12.0
     # via -r requirements.in
@@ -471,9 +465,9 @@ urllib3==1.26.16
     #   docker
     #   google-auth
     #   requests
-websocket-client==1.5.2
+websocket-client==1.6.1
     # via docker
-werkzeug==2.3.4
+werkzeug==2.3.6
     # via
     #   flask
     #   tensorboard
@@ -485,12 +479,10 @@ wrapt==1.14.1
     # via
     #   gordo-client
     #   tensorflow
-xarray==2023.5.0
+xarray==2023.6.0
     # via gordo-core
 zipp==3.15.0
-    # via
-    #   importlib-metadata
-    #   importlib-resources
+    # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools