coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

ci: add ansible and CICD deployment
PR -> develop / Scan for secrets (Gitleaks) (pull_request) Failing after 4s
Details
PR -> develop / Scan for CVEs (Trivy) (pull_request) Successful in 2s
Details

Browse Source
This commit is contained in:
sangnn
2026-06-23 07:16:42 +00:00
parent a6d74d9316
commit a3b230e65d
24 changed files with 1077 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
requirements/base.txt
+8 -6
View File
@@ -1,6 +1,6 @@
# Core Flask
Flask==3.0.0
Werkzeug==3.0.1
Werkzeug==3.0.6 # CVE-2024-34069 (debug-server RCE); stays <3.1 for Flask 3.0 compat
# Database
SQLAlchemy==2.0.23
@@ -19,15 +19,17 @@ Flask-Bcrypt==1.0.1
pyotp==2.9.0
# WebAuthn / FIDO2
fido2==1.1.2
cbor2==5.6.0
# fido2 removed: unused in the codebase (WebAuthn is parsed directly via cbor2),
# and it pinned cryptography<44, blocking the CVE-2026-26007 fix. Re-add fido2>=2.2.0
# if migrating to the official library.
cbor2==5.9.0 # CVE-2024-26134, CVE-2026-26209 (DoS via recursion)
# JWT / OIDC
PyJWT==2.8.0
cryptography==42.0.7
PyJWT==2.13.0 # CVE-2026-48526 (auth bypass via forged JWT), CVE-2026-32597
cryptography==43.0.3 # capped <44 by sshkey-tools 0.11.3; see .trivyignore for CVE-2026-26007
# CORS
Flask-CORS==4.0.0
Flask-CORS==6.0.0 # CVE-2024-6221 (ACAO handling)
# Environment variables
python-dotenv==1.0.0