Merge pull request #232 from cyclotruc/chore/update-dependencies-and-precommit-hooks

chore: remove unused dependencies and pin fastapi/starlette/uvicorn to fix vulnerabilities

Author: filipchristiansen

.pre-commit-config.yaml

@@ -95,16 +95,16 @@ repos:
         files: ^src/
         additional_dependencies:
           [
-            chardet,
-            click,
-            fastapi-analytics,
+            click>=8.0.0,
+            "fastapi[standard]>=0.109.1",
+            pydantic,
             pytest-asyncio,
             python-dotenv,
             slowapi,
-            starlette,
+            starlette>=0.40.0,
             tiktoken,
             tomli,
-            uvicorn,
+            uvicorn>=0.11.7,
           ]
       - id: pylint
         name: pylint for tests
@@ -113,17 +113,16 @@ repos:
           - --rcfile=tests/.pylintrc
         additional_dependencies:
           [
-            chardet,
-            click,
-            fastapi-analytics,
-            pytest,
+            click>=8.0.0,
+            "fastapi[standard]>=0.109.1",
+            pydantic,
             pytest-asyncio,
             python-dotenv,
             slowapi,
-            starlette,
-            tomli,
+            starlette>=0.40.0,
             tiktoken,
-            uvicorn,
+            tomli,
+            uvicorn>=0.11.7,
           ]
 
   - repo: meta

pyproject.toml

@@ -6,9 +6,15 @@ readme = {file = "README.md", content-type = "text/markdown" }
 requires-python = ">= 3.8"
 dependencies = [
     "click>=8.0.0",
+    "fastapi[standard]>=0.109.1",  # Vulnerable to https://osv.dev/vulnerability/PYSEC-2024-38
+    "pydantic",
+    "python-dotenv",
+    "slowapi",
+    "starlette>=0.40.0",  # Vulnerable to https://osv.dev/vulnerability/GHSA-f96h-pmfr-66vw
     "tiktoken",
     "tomli",
     "typing_extensions; python_version < '3.10'",
+    "uvicorn>=0.11.7",  # Vulnerable to https://osv.dev/vulnerability/PYSEC-2020-150
 ]
 
 license = {file = "LICENSE"}

requirements.txt

@@ -1,6 +1,6 @@
-chardet
 click>=8.0.0
 fastapi[standard]>=0.109.1  # Vulnerable to https://osv.dev/vulnerability/PYSEC-2024-38
+pydantic
 python-dotenv
 slowapi
 starlette>=0.40.0  # Vulnerable to https://osv.dev/vulnerability/GHSA-f96h-pmfr-66vw

src/gitingest/ingestion_schema.py

@@ -4,7 +4,7 @@
 from pathlib import Path
 from typing import Optional, Set
 
-from pydantic import BaseModel, Field
+from pydantic import BaseModel, ConfigDict, Field
 
 from gitingest.config import MAX_FILE_SIZE
 
@@ -58,10 +58,7 @@ class IngestionQuery(BaseModel):  # pylint: disable=too-many-instance-attributes
     ignore_patterns: Optional[Set[str]] = None
     include_patterns: Optional[Set[str]] = None
 
-    class Config:
-        """Pydantic model configuration."""
-
-        arbitrary_types_allowed = True
+    model_config = ConfigDict(arbitrary_types_allowed=True)
 
     def extract_clone_config(self) -> CloneConfig:
         """