From 6c916dfee613ae0f564640418b5bbfa333ba6f1d Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 19:25:16 +0530 Subject: [PATCH 01/16] Update VCIO technologies Signed-off-by: Tushar Goel --- Dockerfile | 2 +- docker-compose.yml | 2 +- requirements.txt | 20 +++++++++---------- setup.cfg | 8 ++++---- vulnerabilities/management/commands/export.py | 2 +- 5 files changed, 16 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1bd35b926..e3d6f6892 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ # See https://github.com/nexB/vulnerablecode for support or download. # See https://aboutcode.org for more information about nexB OSS projects -FROM python:3.9 +FROM python:3.12 WORKDIR /app diff --git a/docker-compose.yml b/docker-compose.yml index 2f5879220..76b645560 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: db: - image: postgres:13 + image: postgres:15 command: -c config_file=/etc/postgresql/postgresql.conf env_file: - docker.env diff --git a/requirements.txt b/requirements.txt index dbda64e0c..6788a34a5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ alabaster==0.7.12 asgiref==3.8.1 asttokens==2.0.5 async-timeout==4.0.2 -attrs==21.4.0 +attrs==23.2.0 Babel==2.9.1 backcall==0.2.0 bcrypt==3.2.0 @@ -23,11 +23,11 @@ coreschema==0.0.4 cryptography==44.0.1 crispy-bootstrap4==2024.1 cwe2==3.0.0 -dateparser==1.1.1 +dateparser==1.3.0 decorator==5.1.1 defusedxml==0.7.1 distro==1.7.0 -Django==4.2.25 +Django==5.2.11 django-altcha==0.2.0 django-crispy-forms==2.3 django-environ==0.11.2 
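Review bot: The new bound `Django>=5.2.11,<=6.0` in `install_requires` is inclusive at the top, so an install that is not constrained by requirements.txt may resolve to Django 6.0, a major release this series does not test against. If the intent is to stay on the 5.2 line, `Django>=5.2.11,<6.0` expresses that. The removed line used the same `<=` form, so this looks inherited rather than deliberate.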
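Review bot: `chunk_size=1000` is added without saying why, and the value is a bare literal. The quoted relation names just above suggest this queryset uses `prefetch_related`, in which case Django 5 raises `ValueError` when `.iterator()` is called without a chunk size. A short comment such as `# chunk_size is required for iterator() after prefetch_related() on Django >= 5.0` would stop someone removing it later, and a named module constant would make the batch size tunable in one place. The body of `packages_by_type_ns_name` starts and ends outside this hunk, so the prefetch call itself is not visible here.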
@@ -48,24 +48,22 @@ GitPython==3.1.41 gunicorn==23.0.0 idna==3.3 imagesize==1.3.0 -importlib-metadata==4.11.3 iniconfig==1.1.1 ipython==8.10.0 isort==5.10.1 itypes==1.2.0 jedi==0.18.1 Jinja2==3.1.6 -jsonschema==3.2.0 +jsonschema==4.21.0 license-expression==30.3.1 -lxml==4.9.1 -Markdown==3.3.4 -markdown-it-py==3.0.0 +lxml==6.0.2 +Markdown==3.5.0 MarkupSafe==2.1.1 matplotlib-inline==0.1.3 multidict==6.0.2 mypy-extensions==0.4.3 packageurl-python==0.17.6 -packaging==21.3 +packaging==23.2 paramiko==3.4.0 parso==0.8.3 pathspec==0.9.0 @@ -76,7 +74,7 @@ platformdirs==2.5.1 pluggy==1.0.0 pprintpp==0.4.0 prompt-toolkit==3.0.30 -psycopg2-binary==2.9.3 +psycopg2-binary==2.9.11 ptyprocess==0.7.0 pure-eval==0.2.2 py==1.11.0 @@ -90,7 +88,7 @@ pytest==7.1.1 pytest-django==4.5.2 python-dateutil==2.8.2 python-dotenv==0.20.0 -pytz==2022.1 +pytz==2024.2 PyYAML==6.0.1 redis==5.0.1 requests==2.32.0 diff --git a/setup.cfg b/setup.cfg index c104497ab..83d7c96e4 100644 --- a/setup.cfg +++ b/setup.cfg @@ -48,14 +48,14 @@ license_files = README.rst [options] -python_requires = >=3.9 +python_requires = >=3.12 packages=find: include_package_data = true zip_safe = false install_requires = - Django>=4.2.0,<=5.0 + Django>=5.2.11,<=6.0 psycopg2-binary>=2.8.6 djangorestframework>=3.15.0 django-extensions>=3.2.3 @@ -83,8 +83,8 @@ install_requires = toml>=0.10.2 lxml>=4.6.4 defusedxml>=0.7.1 - Markdown>=3.3.0 - dateparser>=1.1.1 + Markdown>=3.5.0 + dateparser>=1.3.0 cvss>=2.4 cwe2>=3.0.0 diff --git a/vulnerabilities/management/commands/export.py b/vulnerabilities/management/commands/export.py index 36323b04b..17ef4d99f 100644 --- a/vulnerabilities/management/commands/export.py +++ b/vulnerabilities/management/commands/export.py @@ -188,7 +188,7 @@ def packages_by_type_ns_name(): "fixing_vulnerabilities__weaknesses", "fixing_vulnerabilities__severities", ) - .iterator() + .iterator(chunk_size=1000) ) for tp_ns_name, packages in groupby(qs, key=by_purl_type_ns_name): 
From bcdea23c9e421c09709e3ba75b02ab97135d9c9c Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:17:16 +0530 Subject: [PATCH 02/16] Drop python 3.9 Signed-off-by: Tushar Goel --- .github/workflows/main.yml | 2 +- .github/workflows/pypi-release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7c6872e44..7a297e244 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,7 +29,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: ["3.9", "3.10", "3.11"] + python-version: ["3.11", "3.12"] steps: - name: Checkout code diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index 88c6664d6..f791a2805 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -28,7 +28,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v1 with: - python-version: 3.9 + python-version: 3.12 - name: Install pypa/build run: python -m pip install build --user From 8661d53d43a75aa63975a86c12dd5cc26db3821c Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:21:41 +0530 Subject: [PATCH 03/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- .github/workflows/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7a297e244..18c77fd9c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -39,6 +39,10 @@ jobs: uses: actions/setup-python@v2 with: python-version: ${{ matrix.python-version }} + + - name: Upgrade pip, setuptools, wheel + run: | + python -m pip install --upgrade pip setuptools wheel - name: Install dependencies run: make dev envfile From 8cf633484d4c709e50fa9c6d55adf05fe254e947 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:27:12 +0530 Subject: [PATCH 04/16] Fix packaging 
Signed-off-by: Tushar Goel --- .github/workflows/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 18c77fd9c..cd145c7ef 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,7 +42,11 @@ jobs: - name: Upgrade pip, setuptools, wheel run: | - python -m pip install --upgrade pip setuptools wheel + python -m pip install --upgrade --force-reinstall \ + pip>=24.0 \ + setuptools>=69.0 \ + wheel>=0.42 \ + packaging - name: Install dependencies run: make dev envfile From 6db811527a0e1493a37173b7b02ccf0f84de038f Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:46:16 +0530 Subject: [PATCH 05/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- .github/workflows/main.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cd145c7ef..f07aeb64d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,11 +42,7 @@ jobs: - name: Upgrade pip, setuptools, wheel run: | - python -m pip install --upgrade --force-reinstall \ - pip>=24.0 \ - setuptools>=69.0 \ - wheel>=0.42 \ - packaging + python -m pip install --upgrade pip==26.0.1 setuptools==82.0.0 wheel==0.46.3 - name: Install dependencies run: make dev envfile From 02b85bc033f8ae0bf86f629d4e2f4a801228ef51 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:48:47 +0530 Subject: [PATCH 06/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f07aeb64d..453fa0741 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
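Review bot: The requirement specifiers `pip>=24.0`, `setuptools>=69.0` and `wheel>=0.42` in the `run: |` block are unquoted, so the shell parses each `>` as an output redirection. pip then receives only the bare names `pip setuptools wheel packaging`, and its output goes to a file named after a version string. The minimums are never enforced, and the step force-reinstalls whatever is latest at run time. Quoting each requirement, `"pip>=24.0" "setuptools>=69.0" "wheel>=0.42"`, passes them through intact. PATCH 05 later replaces this with exact pins, which avoids the problem.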
@@ -40,13 +40,13 @@ jobs: with: python-version: ${{ matrix.python-version }} - - name: Upgrade pip, setuptools, wheel - run: | - python -m pip install --upgrade pip==26.0.1 setuptools==82.0.0 wheel==0.46.3 - name: Install dependencies run: make dev envfile + - name: Upgrade pip, setuptools, wheel + run: | + python -m pip install --upgrade pip==26.0.1 setuptools==82.0.0 wheel==0.46.3 # Disable codestyle checks until we have cleaned up the code # - name: Validate code format # run: make check From 9077cee5e4e3ca854b752e6ae0ee8dea71e9c1be Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:53:35 +0530 Subject: [PATCH 07/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- .github/workflows/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 453fa0741..9709f4079 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -43,10 +43,6 @@ jobs: - name: Install dependencies run: make dev envfile - - - name: Upgrade pip, setuptools, wheel - run: | - python -m pip install --upgrade pip==26.0.1 setuptools==82.0.0 wheel==0.46.3 # Disable codestyle checks until we have cleaned up the code # - name: Validate code format # run: make check From b6a883f7b46688905014fc47a4c159d7e8aa8f27 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:53:40 +0530 Subject: [PATCH 08/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Makefile b/Makefile index aaadfefa7..3b56c29bb 100644 --- a/Makefile +++ b/Makefile 
@@ -49,12 +49,18 @@ endif virtualenv: @echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}" + @$(MAKE) upgrade-tools @${PYTHON_EXE} ${VIRTUALENV_PYZ} --never-download --no-periodic-update ${VENV} conf: virtualenv @echo "-> Install dependencies" @${ACTIVATE} pip install -e . -c requirements.txt +upgrade-tools: + @echo "-> Upgrade pip / setuptools / wheel (Python 3.12 safe)" + @${ACTIVATE} python -m pip install --upgrade --force-reinstall \ + pip setuptools wheel packaging + dev: virtualenv @echo "-> Configure and install development dependencies" @${ACTIVATE} pip install -e .[dev] -c requirements.txt From 337fe6ecc3f3892ea81775787b9f71d033c6192c Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:54:54 +0530 Subject: [PATCH 09/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 3b56c29bb..dc7dbf88c 100644 --- a/Makefile +++ b/Makefile @@ -49,8 +49,8 @@ endif virtualenv: @echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}" - @$(MAKE) upgrade-tools @${PYTHON_EXE} ${VIRTUALENV_PYZ} --never-download --no-periodic-update ${VENV} + @$(MAKE) upgrade-tools conf: virtualenv @echo "-> Install dependencies" From 91bbaee3694b4d3eed39c8772f11c236f5aaea86 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 20:56:31 +0530 Subject: [PATCH 10/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index dc7dbf88c..8f4811039 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,7 @@ endif virtualenv: @echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}" - @${PYTHON_EXE} ${VIRTUALENV_PYZ} --never-download --no-periodic-update ${VENV} + @${PYTHON_EXE} ${VIRTUALENV_PYZ} --download ${VENV} @$(MAKE) upgrade-tools conf: virtualenv From 6b6f49ae5461bf3db86056d19194872bfff5d72c Mon Sep 17 00:00:00 2001 
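Review bot: Replacing `--never-download --no-periodic-update` with `--download` on the virtualenv line makes the bootstrap fetch the newest pip, setuptools and wheel from the package index, rather than using the seed wheels shipped with the archive in `${VIRTUALENV_PYZ}`. `make virtualenv` then needs network access, and the seed packages can change between runs with no change in the repository. If newer seed packages are needed for Python 3.12, refreshing the bundled virtualenv archive would keep the bootstrap offline and repeatable. PATCH 14 replaces this line again with `-m venv`.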
From: Tushar Goel Date: Tue, 10 Feb 2026 21:20:04 +0530 Subject: [PATCH 11/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 8f4811039..3b4daccb5 100644 --- a/Makefile +++ b/Makefile @@ -52,15 +52,15 @@ virtualenv: @${PYTHON_EXE} ${VIRTUALENV_PYZ} --download ${VENV} @$(MAKE) upgrade-tools +upgrade-tools: + @echo "-> Upgrade pip / setuptools / wheel (Python 3.12 safe)" + @${VENV}/bin/python -m pip install --upgrade --force-reinstall \ + "pip>=24" "setuptools>=69" "wheel>=0.42" packaging + conf: virtualenv @echo "-> Install dependencies" @${ACTIVATE} pip install -e . -c requirements.txt -upgrade-tools: - @echo "-> Upgrade pip / setuptools / wheel (Python 3.12 safe)" - @${ACTIVATE} python -m pip install --upgrade --force-reinstall \ - pip setuptools wheel packaging - dev: virtualenv @echo "-> Configure and install development dependencies" @${ACTIVATE} pip install -e .[dev] -c requirements.txt From 75329ec4e88d2fa648b5b73679efa8d53277312e Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 21:22:09 +0530 Subject: [PATCH 12/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 3b4daccb5..b790c43d2 100644 --- a/Makefile +++ b/Makefile 
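Review bot: The `upgrade-tools` recipe installs `"pip>=24" "setuptools>=69" "wheel>=0.42" packaging` with `--upgrade --force-reinstall` and no constraints file, so every bootstrap pulls whatever build tooling the index serves at that moment. The toolchain that then builds and installs the project is neither reproducible nor reviewable in the repository, and `--force-reinstall` repeats the download on every run. PATCH 05 in this series already used exact pins (`pip==26.0.1 setuptools==82.0.0 wheel==0.46.3`); the same pins here would keep the bootstrap deterministic, and adding `-c requirements.txt` as the `conf` and `dev` targets do would hold `packaging` to its pinned version. PATCH 13 reinstates this recipe unchanged after PATCH 12 comments it out.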
@@ -50,12 +50,12 @@ endif virtualenv: @echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}" @${PYTHON_EXE} ${VIRTUALENV_PYZ} --download ${VENV} - @$(MAKE) upgrade-tools +# @$(MAKE) upgrade-tools -upgrade-tools: - @echo "-> Upgrade pip / setuptools / wheel (Python 3.12 safe)" - @${VENV}/bin/python -m pip install --upgrade --force-reinstall \ - "pip>=24" "setuptools>=69" "wheel>=0.42" packaging +# upgrade-tools: +# @echo "-> Upgrade pip / setuptools / wheel (Python 3.12 safe)" +# @${VENV}/bin/python -m pip install --upgrade --force-reinstall \ +# "pip>=24" "setuptools>=69" "wheel>=0.42" packaging conf: virtualenv @echo "-> Install dependencies" From 0a9b72eeb6a2b2aabd4e3a61ead9f580e0c2de00 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 21:25:15 +0530 Subject: [PATCH 13/16] Upgrade setuptools, wheel and pip Signed-off-by: Tushar Goel --- Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index b790c43d2..a47db60e2 100644 --- a/Makefile +++ b/Makefile @@ -49,13 +49,13 @@ endif virtualenv: @echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}" - @${PYTHON_EXE} ${VIRTUALENV_PYZ} --download ${VENV} -# @$(MAKE) upgrade-tools + @${PYTHON_EXE} --download ${VENV} + @$(MAKE) upgrade-tools -# upgrade-tools: -# @echo "-> Upgrade pip / setuptools / wheel (Python 3.12 safe)" -# @${VENV}/bin/python -m pip install --upgrade --force-reinstall \ -# "pip>=24" "setuptools>=69" "wheel>=0.42" packaging +upgrade-tools: + @echo "-> Upgrade pip / setuptools / wheel (Python 3.12 safe)" + @${VENV}/bin/python -m pip install --upgrade --force-reinstall \ + "pip>=24" "setuptools>=69" "wheel>=0.42" packaging conf: virtualenv @echo "-> Install dependencies" From 33cb7d5e3104db18c6f1fb31096fdb5b1a53b3ae Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 21:26:57 +0530 Subject: [PATCH 14/16] Upgrade setuptools, wheel and pip 
Signed-off-by: Tushar Goel --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a47db60e2..47ea23a14 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,7 @@ endif virtualenv: @echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}" - @${PYTHON_EXE} --download ${VENV} + @${PYTHON_EXE} -m venv ${VENV} @$(MAKE) upgrade-tools upgrade-tools: From fd05fbf042c639103f1c0101b127c9d2c25458bf Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 21:28:50 +0530 Subject: [PATCH 15/16] Add python3.13 Signed-off-by: Tushar Goel --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9709f4079..0f53cfa74 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,7 +29,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: ["3.11", "3.12"] + python-version: ["3.12", "3.13"] steps: - name: Checkout code From 59b5071c3403c866490b097150ceab173ba72100 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Tue, 10 Feb 2026 21:43:08 +0530 Subject: [PATCH 16/16] Update python in rtd Signed-off-by: Tushar Goel --- .github/workflows/docs.yml | 2 +- .readthedocs.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index a92238227..e2dbf7657 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -9,7 +9,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: [3.9] + python-version: [3.12] steps: - name: Checkout code diff --git a/.readthedocs.yml b/.readthedocs.yml index 683f3a82a..0133e7c07 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -9,7 +9,7 @@ version: 2 build: os: ubuntu-22.04 tools: - python: "3.11" + python: "3.12" # Build PDF & ePub formats:
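Review bot: Once the `virtualenv` target uses `@${PYTHON_EXE} -m venv ${VENV}`, nothing in the visible recipe references `${VIRTUALENV_PYZ}` any more. If no other target uses it, the variable and the bundled archive it points to are worth removing in this series, since an unused vendored executable still has to be tracked for updates. The rest of the Makefile is outside this hunk, so that should be confirmed before deleting anything.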