dependencies: fix vulnerabilites

When the test is run during the Christmas period, the fees_after_extend test is in error, because the defined interval is not correct. * Adds packages exception for safety. * Fixes cryptography on the latest version 38. * Fixes pydocstyle on the latest version 6.1. * Fixes the test_fees_after_extend. Co-Authored-by: Bertrand Zuchuat <[email protected]>
tocororo · Jan 5, 2023 · e4c6a94 · e4c6a94
1 parent 706a153
commit e4c6a94
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 33 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -73,7 +73,7 @@ python-dotenv = ">=0.13.0"
 invenio-sip2 = ">=0.6.16"
 flask-cors = ">3.0.8"
 celery = ">=5.0.0"
-cryptography = ">3.3.1"
+cryptography = ">38.0.2,<39.0"
 freezegun = "^1.1.0"
 lazyreader = ">1.0.0"
 jinja2 = ">2.11.2"
@@ -99,6 +99,7 @@ rero-invenio-base = "^0.1.0"
 jsonref = "<1.0.0"
 dojson = "^1.4.0"
 jsonresolver = "<0.3.2"
+pydocstyle = ">=6.1.1,<6.2"
 
 [tool.poetry.dev-dependencies]
 ## Python packages development dependencies (order matters)

diff --git a/run-tests.sh b/run-tests.sh
@@ -82,8 +82,11 @@ function pretests () {
   # | sqlalchemy                 | 1.3.24    | <2.0.0b1                 | 51668    |
   # | wheel                      | 0.37.1    | <0.38.0                  | 51499    |
   # | sqlalchemy-utils           | 0.35.0    | >=0.27.0                 | 42194    |
+  # | certifi                    | 2022.9.24 | <2022.12.07              | 52365    |
+  # | setuptools                 | 65.4.1    | <65.5.1                  | 52495    |
+  # | future                     | 0.18.2    | <=0.18.2                 | 52510    |
   # +==============================================================================+
-  safety check -i 47833 -i 42498 -i 43738 -i 45183 -i 44501 -i 42852 -i 51457 -i 51358 -i 51499 -i 42194 -i 51668
+  safety check -i 47833 -i 42498 -i 43738 -i 45183 -i 44501 -i 42852 -i 51457 -i 51358 -i 51499 -i 42194 -i 51668 -i 52365 -i 52495 -i 52510
   info_msg "Check json:"
   invenio reroils utils check_json tests/data rero_ils/modules data
   info_msg "Check license:"

diff --git a/tests/ui/circulation/test_actions_extend.py b/tests/ui/circulation/test_actions_extend.py
@@ -72,7 +72,8 @@ def test_fees_after_extend(
         checkout_cipo, dbcommit=True, reindex=True)
 
     # UPDATE LOAN TO BE OVERDUE
-    interval = 10
+    # LIBRARY FIXTURES EXCEPTION: Christmas Holidays is 15 days
+    interval = 15
     while not loan.is_loan_overdue():
         new_end_date = datetime.now(timezone.utc) - timedelta(days=interval)
         loan['end_date'] = new_end_date.isoformat()