From 230160b123435e2269fbdfe77060b8477748e74c Mon Sep 17 00:00:00 2001
From: Gustavo Hidalgo
Date: Mon, 5 Feb 2024 11:05:05 -0500
Subject: [PATCH 1/3] Upgrade starlette and FastAPI
---
 pccommon/setup.py | 4 ++--
 pcstac/requirements.txt | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/pccommon/setup.py b/pccommon/setup.py
index d330ecba..a2b52a84 100644
--- a/pccommon/setup.py
+++ b/pccommon/setup.py
@@ -4,8 +4,8 @@
 # Runtime requirements.
 inst_reqs = [
- "fastapi==0.90.1",
- "starlette>=0.22.0,<0.23.0",
+ "fastapi>=0.108.0",
+ "starlette>=0.27.0",
 "opencensus-ext-azure==1.0.8",
 "opencensus-ext-logging==0.1.0",
 "orjson==3.5.2",
diff --git a/pcstac/requirements.txt b/pcstac/requirements.txt
index 9e72c0dc..c6cbfdeb 100644
--- a/pcstac/requirements.txt
+++ b/pcstac/requirements.txt
@@ -71,7 +71,7 @@ deprecated==1.2.14
 # via redis
 exceptiongroup==1.1.1
 # via anyio
-fastapi==0.90.1
+fastapi==0.109.2
 # via
 # pccommon (pccommon/setup.py)
 # stac-fastapi-types
@@ -254,7 +254,7 @@ stac-pydantic==2.0.3
 # stac-fastapi-extensions
 # stac-fastapi-pgstac
 # stac-fastapi-types
-starlette==0.22.0
+starlette==0.36.3
 # via
 # brotli-asgi
 # fastapi
@@ -265,10 +265,11 @@ termcolor==2.3.0
 # via fire
 types-cachetools==4.2.9
 # via pccommon (pccommon/setup.py)
-typing-extensions==4.6.3
+typing-extensions==4.9.0
 # via
 # asgiref
 # azure-core
+ # fastapi
 # psycopg
 # psycopg-pool
 # pydantic
From 46fd614cd8990d5cb81e427d0c4545a8ae02d3de Mon Sep 17 00:00:00 2001
From: Gustavo Hidalgo
Date: Mon, 5 Feb 2024 11:09:44 -0500
Subject: [PATCH 2/3] update changelog
---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 45ae6cdf..2619cb42 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2024.1]
+
+### Changed
+
+- Upgrade starlette and FastAPI to 0.36.3 and 0.109.2 respectively in [#186](https://github.com/microsoft/planetary-computer-apis/pull/186)
+
 ## [2023.2]
 ### Changed
From 44d1879c28f95ddf0a8688adca05295f0bb3d659 Mon Sep 17 00:00:00 2001
From: Gustavo Hidalgo
Date: Mon, 5 Feb 2024 16:08:07 -0500
Subject: [PATCH 3/3] Update dependencies and override starlette version
---
 pccommon/setup.py | 6 ++++--
 pcstac/Dockerfile | 3 +++
 pcstac/Dockerfile.dev | 1 +
 pcstac/requirements.txt | 5 ++---
 pctiler/Dockerfile | 3 +++
 pctiler/Dockerfile.dev | 1 +
 6 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/pccommon/setup.py b/pccommon/setup.py
index a2b52a84..35697ba5 100644
--- a/pccommon/setup.py
+++ b/pccommon/setup.py
@@ -4,8 +4,10 @@
 # Runtime requirements.
 inst_reqs = [
- "fastapi>=0.108.0",
- "starlette>=0.27.0",
+ "fastapi==0.90.1",
+ # Version override by pip install in Dockerfiles to address CVE.
+ # Cannot do it here due to unnecessary pip version constraints in FastAPI.
+ "starlette>=0.22.0,<0.23.0",
 "opencensus-ext-azure==1.0.8",
 "opencensus-ext-logging==0.1.0",
 "orjson==3.5.2",
diff --git a/pcstac/Dockerfile b/pcstac/Dockerfile
index 14cdc4a1..5f13888a 100644
--- a/pcstac/Dockerfile
+++ b/pcstac/Dockerfile
@@ -11,6 +11,9 @@ COPY pcstac /opt/src/pcstac
 COPY pccommon /opt/src/pccommon
 RUN pip install -r ./pcstac/requirements.txt -e ./pccommon -e ./pcstac[server]
+# Override starlette version
+RUN /bin/sh -c "python -m pip install --upgrade --force-reinstall starlette==0.27.0"
+
 ENV APP_HOST=0.0.0.0
 ENV APP_PORT=81
diff --git a/pcstac/Dockerfile.dev b/pcstac/Dockerfile.dev
index b61d44a3..1e7e13d7 100644
--- a/pcstac/Dockerfile.dev
+++ b/pcstac/Dockerfile.dev
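Review bot: In the pccommon/setup.py hunk of patch 3/3 the comment says the override addresses a CVE but names neither the advisory nor the condition for removing it, and `inst_reqs` still declares `starlette>=0.22.0,<0.23.0`. Installing pccommon anywhere other than these images therefore resolves to the older starlette, and pcstac/requirements.txt still records `starlette==0.22.0`, so a scanner reading the lockfile will likely report a version that is not what the image runs. I would extend the comment to something like `# Images install starlette==0.27.0 on top of this pin (advisory: <CVE-ID>); remove once fastapi can move past 0.90.1.` The CHANGELOG entry added in patch 2/3 still says 0.36.3 and 0.109.2, which this patch reverts. The `inst_reqs` list continues past the end of the hunk.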
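Review bot: The added `pip install --upgrade --force-reinstall starlette==0.27.0` in pcstac/Dockerfile has no `--no-deps`, so pip also resolves starlette's own dependencies, and as far as I know `--force-reinstall` makes it take them from the index instead of keeping the versions pinned in requirements.txt. That lets packages such as anyio drift from the lockfile at build time. `RUN python -m pip install --no-cache-dir --no-deps starlette==0.27.0` replaces only starlette, and the `/bin/sh -c` wrapper is redundant in a shell-form RUN. pip should report the conflict with the `starlette<0.23.0` range that belongs to fastapi 0.90.1 without failing the build, so a `pip check` or a test run against the built image is where an incompatibility would show. The same line is added in pcstac/Dockerfile.dev, pctiler/Dockerfile and pctiler/Dockerfile.dev.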
@@ -4,3 +4,4 @@ COPY requirements-dev.txt requirements-dev.txt
 RUN pip install -r requirements-dev.txt
 RUN pip install -e ./pccommon[dev] -e ./pcstac
+RUN /bin/sh -c "python -m pip install --upgrade --force-reinstall starlette==0.27.0"
\ No newline at end of file
diff --git a/pcstac/requirements.txt b/pcstac/requirements.txt
index c6cbfdeb..9c6cfd49 100644
--- a/pcstac/requirements.txt
+++ b/pcstac/requirements.txt
@@ -71,7 +71,7 @@ deprecated==1.2.14
 # via redis
 exceptiongroup==1.1.1
 # via anyio
-fastapi==0.109.2
+fastapi==0.90.1
 # via
 # pccommon (pccommon/setup.py)
 # stac-fastapi-types
@@ -254,7 +254,7 @@ stac-pydantic==2.0.3
 # stac-fastapi-extensions
 # stac-fastapi-pgstac
 # stac-fastapi-types
-starlette==0.36.3
+starlette==0.22.0
 # via
 # brotli-asgi
 # fastapi
@@ -269,7 +269,6 @@ typing-extensions==4.9.0
 # via
 # asgiref
 # azure-core
- # fastapi
 # psycopg
 # psycopg-pool
 # pydantic
diff --git a/pctiler/Dockerfile b/pctiler/Dockerfile
index 428a7587..b713aa2e 100644
--- a/pctiler/Dockerfile
+++ b/pctiler/Dockerfile
@@ -33,6 +33,9 @@ COPY pctiler /opt/src/pctiler
 # Install the local modules in the new environment
 RUN /bin/sh -c "python -m pip install --no-cache-dir -e ./pccommon -e ./pctiler[server]"
+# Override starlette version
+RUN /bin/sh -c "python -m pip install --upgrade --force-reinstall starlette==0.27.0"
+
 # GDAL config
 ENV GDAL_CACHEMAX 200
 ENV GDAL_INGESTED_BYTES_AT_OPEN 32768
diff --git a/pctiler/Dockerfile.dev b/pctiler/Dockerfile.dev
index 88491ca4..d53bd4ba 100644
--- a/pctiler/Dockerfile.dev
+++ b/pctiler/Dockerfile.dev
@@ -4,3 +4,4 @@ COPY requirements-dev.txt requirements-dev.txt
 RUN python3 -m pip install -r requirements-dev.txt
 RUN python3 -m pip install -e ./pccommon -e ./pctiler[dev]
+RUN /bin/sh -c "python -m pip install --upgrade --force-reinstall starlette==0.27.0"
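Review bot: The override in pcstac/Dockerfile.dev is added without the `# Override starlette version` comment that the production Dockerfiles get, and it leaves the file without a trailing newline. The literal `0.27.0` now appears in four Dockerfiles, so a later security bump can easily miss one; declaring `ARG STARLETTE_VERSION=0.27.0` in each file and installing `starlette==${STARLETTE_VERSION}` at least makes the pin greppable and overridable at build time. A one-line comment such as `# Override the starlette version pinned via fastapi 0.90.1; see pccommon/setup.py` would tie the line to its explanation.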
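Review bot: The added line in pctiler/Dockerfile.dev calls `python -m pip` while the two preceding RUN lines use `python3 -m pip`. If `python` and `python3` resolve to different interpreters in the base image (not visible in this hunk), the override lands in a different site-packages and the dev environment keeps the older starlette. `RUN python3 -m pip install --no-deps starlette==0.27.0` keeps it consistent with the rest of the file.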