ci: add ansible and CICD deployment
This commit is contained in:
sangnn
@@ -1,6 +1,6 @@
|
||||
# Core Flask
|
||||
Flask==3.0.0
|
||||
Werkzeug==3.0.1
|
||||
Werkzeug==3.0.6 # CVE-2024-34069 (debug-server RCE); stays <3.1 for Flask 3.0 compat
|
||||
|
||||
# Database
|
||||
SQLAlchemy==2.0.23
|
||||
@@ -19,15 +19,17 @@ Flask-Bcrypt==1.0.1
|
||||
pyotp==2.9.0
|
||||
|
||||
# WebAuthn / FIDO2
|
||||
fido2==1.1.2
|
||||
cbor2==5.6.0
|
||||
# fido2 removed: unused in the codebase (WebAuthn is parsed directly via cbor2),
|
||||
# and it pinned cryptography<44, blocking the CVE-2026-26007 fix. Re-add fido2>=2.2.0
|
||||
# if migrating to the official library.
|
||||
cbor2==5.9.0 # CVE-2024-26134, CVE-2026-26209 (DoS via recursion)
|
||||
|
||||
# JWT / OIDC
|
||||
PyJWT==2.8.0
|
||||
cryptography==42.0.7
|
||||
PyJWT==2.13.0 # CVE-2026-48526 (auth bypass via forged JWT), CVE-2026-32597
|
||||
cryptography==43.0.3 # capped <44 by sshkey-tools 0.11.3; see .trivyignore for CVE-2026-26007
|
||||
|
||||
# CORS
|
||||
Flask-CORS==4.0.0
|
||||
Flask-CORS==6.0.0 # CVE-2024-6221 (ACAO handling)
|
||||
|
||||
# Environment variables
|
||||
python-dotenv==1.0.0
|
||||
|
||||
@@ -36,8 +36,8 @@ requests==2.31.0
|
||||
pytz==2023.3
|
||||
python-dotenv==1.0.0
|
||||
pydantic==2.5.0
|
||||
PyJWT==2.8.0
|
||||
cryptography==42.0.7
|
||||
PyJWT==2.13.0
|
||||
cryptography==43.0.3 # capped <44 by sshkey-tools 0.11.3
|
||||
pycryptodome==3.20.0
|
||||
psycopg2-binary==2.9.9
|
||||
sshkey-tools==0.11.3
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
-r base.txt
|
||||
|
||||
# Production WSGI server
|
||||
gunicorn==21.2.0
|
||||
gunicorn==23.0.0 # CVE-2024-1135, CVE-2024-6827 (HTTP request smuggling)
|
||||
|
||||
# Monitoring & logging
|
||||
sentry-sdk[flask]==1.39.1
|
||||
|
||||
Reference in New Issue
Block a user