diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 9f0c1f93e..0f419a090 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -18,11 +18,11 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 - name: 'Checkout Repository'
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: 'Dependency Review'
- uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
\ No newline at end of file
+ uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
\ No newline at end of file
diff --git a/.github/workflows/python-checks.yml b/.github/workflows/python-checks.yml
index bf3a42752..f5887f32f 100644
--- a/.github/workflows/python-checks.yml
+++ b/.github/workflows/python-checks.yml
@@ -22,15 +22,15 @@ jobs:
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: ${{ matrix.python-version }}
 - name: Install uv
- uses: install-pinned/uv@de03c60d508703a83d3f8f49afcf1249590ecda1 # 0.4.12
+ uses: install-pinned/uv@79cef4cccc47c7fb191b653a4184e34d83437a8b # 0.4.12
 - name: Patch install error when using Python 3.9, limited dependencies, and MacOS
 if: ${{ matrix.limited-dependencies }} == True and ${{ matrix.os }} == "macos-latest" and ${{ matrix.python-version }} == "3.9"
@@ -51,15 +51,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python 3.12
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: "3.12"
 - name: Install uv
- uses: install-pinned/uv@de03c60d508703a83d3f8f49afcf1249590ecda1 # 0.4.12
+ uses: install-pinned/uv@79cef4cccc47c7fb191b653a4184e34d83437a8b # 0.4.12
 - name: Install dependencies
 run: |
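Review bot: In python-checks.yml the `install-pinned/uv` pin moves from `de03c60d…` to `79cef4cc…`, but the trailing comment still reads `# 0.4.12`, so the annotation no longer tells a reader which uv release the new commit installs (unless both commits happen to install the same version, which this page cannot confirm). The SHA is what the runner enforces while the comment is what a human checks during review, so a stale one weakens the audit value of the pin. Update it alongside the hash, e.g. `uses: install-pinned/uv@79cef4cccc47c7fb191b653a4184e34d83437a8b # <uv version installed at this commit>`. The same line appears in the hunks at -51, -73, -95 and -117 of this file; each job's step list continues outside its hunk.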
@@ -73,15 +73,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python 3.12
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: "3.12"
 - name: Install uv
- uses: install-pinned/uv@de03c60d508703a83d3f8f49afcf1249590ecda1 # 0.4.12
+ uses: install-pinned/uv@79cef4cccc47c7fb191b653a4184e34d83437a8b # 0.4.12
 - name: Install dependencies
 run: |
@@ -95,15 +95,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python 3.12
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: "3.12"
 - name: Install uv
- uses: install-pinned/uv@de03c60d508703a83d3f8f49afcf1249590ecda1 # 0.4.12
+ uses: install-pinned/uv@79cef4cccc47c7fb191b653a4184e34d83437a8b # 0.4.12
 - name: Install bandit
 run: |
@@ -117,15 +117,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python 3.12
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: "3.12"
 - name: Install uv
- uses: install-pinned/uv@de03c60d508703a83d3f8f49afcf1249590ecda1 # 0.4.12
+ uses: install-pinned/uv@79cef4cccc47c7fb191b653a4184e34d83437a8b # 0.4.12
 - name: Install dependencies
 run: |
@@ -152,14 +152,14 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: ${{ matrix.python-version }}
 cache: pip
diff --git a/.github/workflows/security_scorecard.yml b/.github/workflows/security_scorecard.yml
index 8db966b41..24cc4e6ca 100644
--- a/.github/workflows/security_scorecard.yml
+++ b/.github/workflows/security_scorecard.yml
@@ -33,12 +33,12 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 - name: "Checkout code"
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 persist-credentials: false
@@ -74,6 +74,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+ uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
 with:
 sarif_file: results.sarif
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 6a049c630..71024a095 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,27 +2,26 @@ pyairtable==2.3.3
 azure-storage-blob==12.13.0
 boto3>=1.17.98
 boxsdk==2.10.0
-braintree==4.17.1
-bs4==0.0.1
-censusgeocode==0.4.3.post1
+braintree==4.31.0
+bs4==0.0.2
+censusgeocode==0.5.2
 civis==1.16.1
 curlify==2.2.1
 dbt_redshift==1.4.0
 docutils<0.18,>=0.14
 defusedxml>=0.7.1, <=0.8.0
 facebook-business==13.0.0
-google-api-core==2.19.2
+google-api-core==2.23.0
 google-api-python-client==1.7.7
 google-auth==2.29.0
 google-cloud-bigquery==3.26.0
 google-cloud-storage-transfer==1.9.1
 google-cloud-storage==2.18.2
-google-resumable-media==2.7.0
-grpcio==1.62.2
-gspread==3.7.0
+grpcio==1.68.1
+gspread==6.1.4
 httplib2==0.22.0
 joblib==1.2.0
-mysql-connector-python==8.0.18
+mysql-connector-python==9.1.0
 newmode==0.1.6
 oauth2client==4.1.3
 paramiko==3.4.0
@@ -36,10 +35,10 @@ setuptools==70.0.0
 simple-salesforce==1.11.6
 simplejson==3.16.0
 slackclient==1.3.0
-sqlalchemy >= 1.4.22, != 1.4.33, < 2.0.0 # Prefect does not work with 1.4.33 and >=2.0.0 has breaking changes
-suds-py3==1.4.4.1
+sqlalchemy >= 1.4.22, != 1.4.33, < 3.0.0 # Prefect does not work with 1.4.33 and >=2.0.0 has breaking changes
+suds-py3==1.4.5.0
 surveygizmo==1.2.3
-twilio==8.2.1
+twilio==9.3.8
 urllib3==1.26.19
 validate-email==1.3
 xmltodict==0.14.1
diff --git a/setup.py b/setup.py
index 88f11c30a..93707a4b5 100644
--- a/setup.py
+++ b/setup.py
@@ -42,19 +42,19 @@ def main():
 ],
 "mysql": [
 "mysql-connector-python",
- "sqlalchemy >= 1.4.22, != 1.4.33, < 2.0.0",
+ "sqlalchemy >= 1.4.22, != 1.4.33, < 3.0.0",
 ],
 "newmode": ["newmode"],
 "ngpvan": ["suds-py3"],
 "mobilecommons": ["bs4"],
 "postgres": [
 "psycopg2-binary>=2.9.9",
- "sqlalchemy >= 1.4.22, != 1.4.33, < 2.0.0",
+ "sqlalchemy >= 1.4.22, != 1.4.33, < 3.0.0",
 ],
 "redshift": [
 "boto3",
 "psycopg2-binary>=2.9.9",
- "sqlalchemy >= 1.4.22, != 1.4.33, < 2.0.0",
+ "sqlalchemy >= 1.4.22, != 1.4.33, < 3.0.0",
 ],
 "s3": ["boto3"],
 "salesforce": ["simple-salesforce"],
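Review bot: In the first requirements.txt hunk (-2,27) the line `google-resumable-media==2.7.0` is deleted with no replacement, so in a file that otherwise pins exact versions this package is no longer fixed here. If it is still installed, the resolver now picks its version, presumably as a transitive dependency of the google-cloud packages (an inference from the names, not something the page shows). If it is still needed at runtime, keep an explicit pin such as `google-resumable-media==<version verified against google-cloud-storage 2.18.2>`; if the removal is deliberate, record the reason in the commit message. Separately, `gspread` 3.7.0 → 6.1.4 and `mysql-connector-python` 8.0.18 → 9.1.0 cross major versions, and no change to the code that imports them is visible in this part of the diff.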
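Review bot: In the second requirements.txt hunk (-36,10) the `sqlalchemy` upper bound is widened to `< 3.0.0`, but the trailing comment still says `>=2.0.0 has breaking changes`, so the comment now contradicts the constraint it annotates. If 2.x has been verified against the database connectors, reword it, e.g. `# Prefect does not work with 1.4.33; 2.x is allowed as of this change`. If it has not, the bound should stay at `< 2.0.0`. The same specifier is widened in the `mysql`, `postgres`, `redshift` and `ssh` extras in setup.py (hunks -42,19 and -67,7), and no code change adapting to SQLAlchemy 2.x is visible in this part of the diff.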
@@ -67,7 +67,7 @@ def main():
 "ssh": [
 "sshtunnel",
 "psycopg2-binary>=2.9.9",
- "sqlalchemy >= 1.4.22, != 1.4.33, < 2.0.0",
+ "sqlalchemy >= 1.4.22, != 1.4.33, < 3.0.0",
 ],
 }
 extras_require["all"] = sorted({lib for libs in extras_require.values() for lib in libs})