Add: Introduce dependency package vulnerability scanning and apply it to the current packages #1151

Merged
merged 9 commits into from
Apr 9, 2024
8 changes: 8 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,14 @@ poetry export --without-hashes --with license -o requirements-license.txt
- LGPL: OK (コアと動的分離されているため)
- GPL: NG (全関連コードの公開が必要なため)

#### 脆弱性診断
`safety` を用いた脆弱性診断により依存パッケージの安全性を確保しています。
以下のコマンドにより脆弱性を診断できます:

```bash
safety check -r requirements.txt -r requirements-dev.txt -r requirements-test.txt -r requirements-license.txt
```

### API ドキュメントの確認

[API ドキュメント](https://voicevox.github.io/voicevox_engine/api/)(実体は`docs/api/index.html`)は自動で更新されます。
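Review bot: The `safety check -r requirements.txt ...` command in the new 脆弱性診断 section reads the exported requirements files, so its result is only as current as the last `poetry export` (the export commands sit just above this section). The text should say to re-export before scanning and state what a contributor is expected to do when a finding is reported. There is also no blank line between the `#### 脆弱性診断` heading and the paragraph that follows it, unlike the `### API ドキュメントの確認` heading below.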
Expand Down
360 changes: 320 additions & 40 deletions poetry.lock

Large diffs are not rendered by default.

5 changes: 3 additions & 2 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ uvicorn = "^0.15.0"
soundfile = "^0.12.1"
pyyaml = "^6.0"
pyworld = "^0.3.0"
jinja2 = "^3.1.2" # NOTE: required by fastapi
jinja2 = "^3.1.3" # NOTE: required by fastapi
pyopenjtalk = { git = "https://github.com/VOICEVOX/pyopenjtalk", rev = "b35fc89fe42948a28e33aed886ea145a51113f88" }
semver = "^3.0.0"
platformdirs = "^4.2.0"
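Review bot: The `jinja2` floor goes from `^3.1.2` to `^3.1.3`, but the trailing comment still only says `# NOTE: required by fastapi` and does not record why the minimum was raised, presumably a finding from the new scan. Extend the comment or the commit message with the reason so the bound is not relaxed later.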
Expand All @@ -64,6 +64,7 @@ pyinstaller = "^5.13"
pre-commit = "^2.16.0"
poetry = "1.8.1"
poetry-plugin-export = "^1.6.0"
safety = "^3.1.0"

[tool.poetry.group.test.dependencies]
pysen = "~0.10.5"
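Review bot: `safety = "^3.1.0"` is added to the same dependency group as `pre-commit` and `pyinstaller`, so the packages it pulls in (the new `authlib`, `dparse`, `marshmallow`, `rich`, `ruamel-yaml`, `safety-schemas` and `typer` lines in requirements-dev.txt) are installed in every developer environment and become part of the set that has to be scanned. Consider a separate optional group for the scanner. As a style point, the neighbouring `poetry = "1.8.1"` is pinned exactly while the scanner uses a caret range.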
Expand All @@ -76,7 +77,7 @@ pytest = "^8.0.0"
coveralls = "^3.2.0"
poetry = "1.8.1"
poetry-plugin-export = "^1.6.0"
httpx = "^0.25.0" # NOTE: required by fastapi.testclient.TestClient
httpx = "^0.25.0" # NOTE: required by fastapi.testclient.TestClient
syrupy = "^4.6.1"
types-pyyaml = "^6.0"
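Review bot: The removed and added `httpx` lines read identically here, so the change is apparently whitespace only and unrelated to the vulnerability scan. Drop it from this PR or move it to a separate formatting commit.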

Expand Down
18 changes: 15 additions & 3 deletions requirements-dev.txt
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
altgraph==0.17.3 ; python_version >= "3.11" and python_version < "3.12"
anyio==3.7.1 ; python_version >= "3.11" and python_version < "3.12"
asgiref==3.7.2 ; python_version >= "3.11" and python_version < "3.12"
authlib==1.3.0 ; python_version >= "3.11" and python_version < "3.12"
build==1.0.3 ; python_version >= "3.11" and python_version < "3.12"
cachecontrol[filecache]==0.14.0 ; python_version >= "3.11" and python_version < "3.12"
certifi==2023.7.22 ; python_version >= "3.11" and python_version < "3.12"
Expand All @@ -11,9 +12,10 @@ cleo==2.1.0 ; python_version >= "3.11" and python_version < "3.12"
click==8.1.7 ; python_version >= "3.11" and python_version < "3.12"
colorama==0.4.6 ; python_version >= "3.11" and python_version < "3.12" and (platform_system == "Windows" or os_name == "nt")
crashtest==0.4.1 ; python_version >= "3.11" and python_version < "3.12"
cryptography==41.0.3 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "linux"
cryptography==42.0.5 ; python_version >= "3.11" and python_version < "3.12"
cython==3.0.7 ; python_version >= "3.11" and python_version < "3.12"
distlib==0.3.7 ; python_version >= "3.11" and python_version < "3.12"
dparse==0.6.4b0 ; python_version >= "3.11" and python_version < "3.12"
dulwich==0.21.5 ; python_version >= "3.11" and python_version < "3.12"
fastapi==0.110.0 ; python_version >= "3.11" and python_version < "3.12"
fastjsonschema==2.19.1 ; python_version >= "3.11" and python_version < "3.12"
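Review bot: On the `cryptography` line the environment marker loses `and sys_platform == "linux"` together with the bump to 42.0.5, so the package is now installed on every platform in the dev set, while requirements-test.txt keeps the Linux-only marker for the same version. This looks like a side effect of the packages added with `safety`; please confirm that in the PR description. Also note that `dparse==0.6.4b0` pins a pre-release version in the dev set.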
Expand All @@ -25,10 +27,13 @@ importlib-metadata==6.8.0 ; python_version >= "3.11" and python_version < "3.12"
installer==0.7.0 ; python_version >= "3.11" and python_version < "3.12"
jaraco-classes==3.3.0 ; python_version >= "3.11" and python_version < "3.12"
jeepney==0.8.0 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "linux"
jinja2==3.1.2 ; python_version >= "3.11" and python_version < "3.12"
jinja2==3.1.3 ; python_version >= "3.11" and python_version < "3.12"
keyring==24.2.0 ; python_version >= "3.11" and python_version < "3.12"
macholib==1.16.2 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "darwin"
markdown-it-py==3.0.0 ; python_version >= "3.11" and python_version < "3.12"
markupsafe==2.1.3 ; python_version >= "3.11" and python_version < "3.12"
marshmallow==3.21.1 ; python_version >= "3.11" and python_version < "3.12"
mdurl==0.1.2 ; python_version >= "3.11" and python_version < "3.12"
more-itertools==10.1.0 ; python_version >= "3.11" and python_version < "3.12"
msgpack==1.0.5 ; python_version >= "3.11" and python_version < "3.12"
nodeenv==1.8.0 ; python_version >= "3.11" and python_version < "3.12"
Expand All @@ -45,6 +50,7 @@ pre-commit==2.21.0 ; python_version >= "3.11" and python_version < "3.12"
ptyprocess==0.7.0 ; python_version >= "3.11" and python_version < "3.12"
pycparser==2.21 ; python_version >= "3.11" and python_version < "3.12"
pydantic==1.10.14 ; python_version >= "3.11" and python_version < "3.12"
pygments==2.17.2 ; python_version >= "3.11" and python_version < "3.12"
pyinstaller-hooks-contrib==2023.7 ; python_version >= "3.11" and python_version < "3.12"
pyinstaller==5.13.2 ; python_version >= "3.11" and python_version < "3.12"
pyopenjtalk @ git+https://github.com/VOICEVOX/pyopenjtalk@b35fc89fe42948a28e33aed886ea145a51113f88 ; python_version >= "3.11" and python_version < "3.12"
Expand All @@ -56,6 +62,11 @@ pyyaml==6.0.1 ; python_version >= "3.11" and python_version < "3.12"
rapidfuzz==3.6.1 ; python_version >= "3.11" and python_version < "3.12"
requests-toolbelt==1.0.0 ; python_version >= "3.11" and python_version < "3.12"
requests==2.31.0 ; python_version >= "3.11" and python_version < "3.12"
rich==13.7.1 ; python_version >= "3.11" and python_version < "3.12"
ruamel-yaml-clib==0.2.8 ; platform_python_implementation == "CPython" and python_version < "3.12" and python_version >= "3.11"
ruamel-yaml==0.18.6 ; python_version >= "3.11" and python_version < "3.12"
safety-schemas==0.0.2 ; python_version >= "3.11" and python_version < "3.12"
safety==3.1.0 ; python_version >= "3.11" and python_version < "3.12"
secretstorage==3.3.3 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "linux"
semver==3.0.2 ; python_version >= "3.11" and python_version < "3.12"
setuptools==68.1.2 ; python_version >= "3.11" and python_version < "3.12"
Expand All @@ -68,8 +79,9 @@ starlette==0.36.3 ; python_version >= "3.11" and python_version < "3.12"
tomlkit==0.12.1 ; python_version >= "3.11" and python_version < "3.12"
tqdm==4.66.1 ; python_version >= "3.11" and python_version < "3.12"
trove-classifiers==2023.8.7 ; python_version >= "3.11" and python_version < "3.12"
typer==0.11.0 ; python_version >= "3.11" and python_version < "3.12"
typing-extensions==4.10.0 ; python_version >= "3.11" and python_version < "3.12"
urllib3==2.0.4 ; python_version >= "3.11" and python_version < "3.12"
urllib3==2.2.1 ; python_version >= "3.11" and python_version < "3.12"
uvicorn==0.15.0 ; python_version >= "3.11" and python_version < "3.12"
virtualenv==20.25.1 ; python_version >= "3.11" and python_version < "3.12"
xattr==1.1.0 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "darwin"
Expand Down
2 changes: 1 addition & 1 deletion requirements-license.txt
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ cython==3.0.7 ; python_version >= "3.11" and python_version < "3.12"
fastapi==0.110.0 ; python_version >= "3.11" and python_version < "3.12"
h11==0.14.0 ; python_version >= "3.11" and python_version < "3.12"
idna==3.4 ; python_version >= "3.11" and python_version < "3.12"
jinja2==3.1.2 ; python_version >= "3.11" and python_version < "3.12"
jinja2==3.1.3 ; python_version >= "3.11" and python_version < "3.12"
markupsafe==2.1.3 ; python_version >= "3.11" and python_version < "3.12"
numpy==1.26.2 ; python_version >= "3.11" and python_version < "3.12"
pip-licenses==4.3.4 ; python_version >= "3.11" and python_version < "3.12"
Expand Down
8 changes: 4 additions & 4 deletions requirements-test.txt
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ colorlog==4.8.0 ; python_version >= "3.11" and python_version < "3.12"
coverage==6.5.0 ; python_version >= "3.11" and python_version < "3.12"
coveralls==3.3.1 ; python_version >= "3.11" and python_version < "3.12"
crashtest==0.4.1 ; python_version >= "3.11" and python_version < "3.12"
cryptography==41.0.3 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "linux"
cryptography==42.0.5 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "linux"
cython==3.0.7 ; python_version >= "3.11" and python_version < "3.12"
dacite==1.8.1 ; python_version >= "3.11" and python_version < "3.12"
distlib==0.3.7 ; python_version >= "3.11" and python_version < "3.12"
Expand All @@ -26,7 +26,7 @@ filelock==3.12.2 ; python_version >= "3.11" and python_version < "3.12"
flake8-bugbear==24.2.6 ; python_version >= "3.11" and python_version < "3.12"
flake8==7.0.0 ; python_version >= "3.11" and python_version < "3.12"
gitdb==4.0.10 ; python_version >= "3.11" and python_version < "3.12"
gitpython==3.1.32 ; python_version >= "3.11" and python_version < "3.12"
gitpython==3.1.43 ; python_version >= "3.11" and python_version < "3.12"
h11==0.14.0 ; python_version >= "3.11" and python_version < "3.12"
httpcore==0.18.0 ; python_version >= "3.11" and python_version < "3.12"
httpx==0.25.0 ; python_version >= "3.11" and python_version < "3.12"
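Review bot: `gitpython` moves from 3.1.32 to 3.1.43 here with no matching constraint change in the pyproject.toml hunks shown, so the bump exists only in poetry.lock, whose diff is not rendered on this page. Please list in the PR description which scan findings drove this and the other lock-only bumps (`cryptography`, `urllib3`) so a reviewer can check them against the scanner output.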
Expand All @@ -37,7 +37,7 @@ installer==0.7.0 ; python_version >= "3.11" and python_version < "3.12"
isort==5.13.2 ; python_version >= "3.11" and python_version < "3.12"
jaraco-classes==3.3.0 ; python_version >= "3.11" and python_version < "3.12"
jeepney==0.8.0 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "linux"
jinja2==3.1.2 ; python_version >= "3.11" and python_version < "3.12"
jinja2==3.1.3 ; python_version >= "3.11" and python_version < "3.12"
keyring==24.2.0 ; python_version >= "3.11" and python_version < "3.12"
markupsafe==2.1.3 ; python_version >= "3.11" and python_version < "3.12"
mccabe==0.7.0 ; python_version >= "3.11" and python_version < "3.12"
Expand Down Expand Up @@ -87,7 +87,7 @@ trove-classifiers==2023.8.7 ; python_version >= "3.11" and python_version < "3.1
types-pyyaml==6.0.12.12 ; python_version >= "3.11" and python_version < "3.12"
typing-extensions==4.10.0 ; python_version >= "3.11" and python_version < "3.12"
unidiff==0.7.5 ; python_version >= "3.11" and python_version < "3.12"
urllib3==2.0.4 ; python_version >= "3.11" and python_version < "3.12"
urllib3==2.2.1 ; python_version >= "3.11" and python_version < "3.12"
uvicorn==0.15.0 ; python_version >= "3.11" and python_version < "3.12"
virtualenv==20.25.1 ; python_version >= "3.11" and python_version < "3.12"
xattr==1.1.0 ; python_version >= "3.11" and python_version < "3.12" and sys_platform == "darwin"
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ cython==3.0.7 ; python_version >= "3.11" and python_version < "3.12"
fastapi==0.110.0 ; python_version >= "3.11" and python_version < "3.12"
h11==0.14.0 ; python_version >= "3.11" and python_version < "3.12"
idna==3.4 ; python_version >= "3.11" and python_version < "3.12"
jinja2==3.1.2 ; python_version >= "3.11" and python_version < "3.12"
jinja2==3.1.3 ; python_version >= "3.11" and python_version < "3.12"
markupsafe==2.1.3 ; python_version >= "3.11" and python_version < "3.12"
numpy==1.26.2 ; python_version >= "3.11" and python_version < "3.12"
platformdirs==4.2.0 ; python_version >= "3.11" and python_version < "3.12"
Expand Down