Werkzeug + Flask vulnerabilities fixed with CKAN 2.10

.snyk

@@ -7,27 +7,6 @@ ignore:
         reason: >-
           No remediation available yet; Not affecting us since the storage is
           not accessible to any other client
-        expires: 2023-06-30T16:20:58.017Z
+        expires: 2024-06-30T16:20:58.017Z
         created: 2022-12-08T16:20:58.023Z
-  SNYK-PYTHON-WERKZEUG-3319936:
-    - '*':
-        reason: >-
-          Upgrade path is complex, Issue tracked in github:
-          https://github.com/GSA/data.gov/issues/4217
-        expires: 2023-07-30T16:20:58.017Z
-        created: 2023-02-15T16:20:58.023Z
-  SNYK-PYTHON-WERKZEUG-3319935:
-    - '*':
-        reason: >-
-          Upgrade path is complex, Issue tracked in github:
-          https://github.com/GSA/data.gov/issues/4217
-        expires: 2023-07-30T16:20:58.017Z
-        created: 2023-02-15T16:20:58.023Z
-  SNYK-PYTHON-FLASK-5490129:
-    - '*':
-        reason: >-
-          Upgrade path is complex, Issue tracked in github:
-          https://github.com/GSA/data.gov/issues/4303
-        expires: 2023-07-30T16:20:58.017Z
-        created: 2023-05-08T16:20:58.023Z
 patch: {}

requirements.in.txt

@@ -3,6 +3,7 @@ ckan==2.10.1
 git+https://github.com/GSA/ckanext-saml2auth.git@create_user_via_saml#egg=ckanext-saml2auth
 git+https://github.com/keitaroinc/ckanext-s3filestore.git#egg=ckanext-s3filestore
 -e git+https://github.com/ckan/ckanext-xloader.git@master#egg=ckanext-xloader
+git+https://github.com/nickumia-reisys/multistatic-copy.git@main#egg=flask-multistatic
 
 ckanext-googleanalyticsbasic
 ckanext-usmetadata>=0.3.0
@@ -24,15 +25,14 @@ alembic==1.8.0
 Babel==2.10.3
 Beaker==1.11.0
 bleach==5.0.1
-blinker==1.5
+blinker>=1.6.2
 click==8.1.3
 dominate==2.7.0
 feedgen==0.9.0
-Flask==2.0.3
+Flask>=2.2.5
 Flask-Babel==1.0.0
-flask-multistatic==1.0
-Flask-Login==0.6.1
-Flask-WTF==1.0.1
+Flask-Login==0.6.2
+Flask-WTF==1.1.1
 Jinja2==3.1.2
 PyJWT==2.4.0              # Upgraded to pass security scans
 Markdown==3.4.1           # Upgraded https://github.com/GSA/data.gov/issues/4056
@@ -55,7 +55,7 @@ SQLAlchemy[mypy]==1.4.41
 sqlparse==0.4.4
 tzlocal==4.2
 webassets==2.0
-Werkzeug[watchdog]==2.0.3
+Werkzeug[watchdog]>=2.2.3
 zope.interface==5.4.0
 
 # # ckanext-saml2 dependencies
@@ -78,7 +78,7 @@ python-dateutil>=2.8.2
 
 # Other pinned dependencies
 # (most likely for snyk)
-itsdangerous==2.0.1
-MarkupSafe==2.0.1
+itsdangerous>=2.1.0
+MarkupSafe>=2.1.1
 certifi>=2022.12.7
 setuptools>=65.5.1

requirements.txt

@@ -4,9 +4,9 @@ attrs==23.1.0
 Babel==2.10.3
 Beaker==1.11.0
 bleach==5.0.1
-blinker==1.5
-boto3==1.26.160
-botocore==1.29.160
+blinker==1.6.2
+boto3==1.26.165
+botocore==1.29.165
 certifi==2023.5.7
 cffi==1.15.1
 chardet==5.1.0
@@ -18,29 +18,28 @@ ckanext-envvars==0.0.3
 ckanext-googleanalyticsbasic==0.2.1
 ckanext-s3filestore @ git+https://github.com/keitaroinc/ckanext-s3filestore.git@caf88c0352ffe7b4432d3d55ddfb0a71249ceddd
 ckanext-saml2auth @ git+https://github.com/GSA/ckanext-saml2auth.git@c2b12a94430034c522b25d282323a064e2d6a03a
-ckanext-usmetadata==0.3.0
+ckanext-usmetadata==0.3.1
 -e git+https://github.com/ckan/ckanext-xloader.git@c062f547e8e5dd80fd5dae6d184fe268ccb4b32e#egg=ckanext_xloader
 ckantoolkit==0.0.7
 click==8.1.3
 cryptography==41.0.1
 defusedxml==0.7.1
 dominate==2.7.0
-elementpath==4.1.3
+elementpath==4.1.4
 et-xmlfile==1.1.0
 feedgen==0.9.0
-Flask==2.0.3
+Flask==2.1.3
 Flask-Babel==1.0.0
-Flask-Login==0.6.1
-flask-multistatic==1.0
-Flask-WTF==1.0.1
+Flask-Login==0.6.2
+Flask-WTF==1.1.1
 gevent==22.10.2
 greenlet==2.0.2
 gunicorn==20.1.0
 html5lib==1.1
 idna==3.4
 ijson==3.2.2
 importlib-resources==5.12.0
-itsdangerous==2.0.1
+itsdangerous==2.1.2
 Jinja2==3.1.2
 jmespath==1.0.1
 json-table-schema==0.2.1
@@ -50,11 +49,12 @@ linear-tsv==1.1.0
 lxml==4.9.1
 Mako==1.2.4
 Markdown==3.4.1
-MarkupSafe==2.0.1
+MarkupSafe==2.1.3
 messytables==0.15.2
+git+https://github.com/nickumia-reisys/multistatic-copy.git@e46da39614127bfa996e29994d969b8b7486ed21#egg=flask-multistatic
 mypy==1.4.1
 mypy-extensions==1.0.0
-newrelic==8.8.0
+newrelic==8.8.1
 nose==1.3.7
 openpyxl==3.1.2
 passlib==1.7.4
@@ -87,7 +87,7 @@ sqlalchemy2-stubs==0.0.2a34
 sqlparse==0.4.4
 tabulator==1.53.5
 tomli==2.0.1
-typing_extensions==4.6.3
+typing_extensions==4.7.1
 tzdata==2023.3
 tzlocal==4.2
 unicodecsv==0.14.1
@@ -96,7 +96,7 @@ urllib3==1.26.5
 watchdog==3.0.0
 webassets==2.0
 webencodings==0.5.1
-Werkzeug==2.0.3
+Werkzeug==2.1.2
 wheel==0.40.0
 WTForms==3.0.1
 xlrd==2.0.1