dependencies: fix security issues

* Bumps dependencies.

Co-Authored-by: Peter Weber <[email protected]>

pyproject.toml

@@ -23,6 +23,7 @@ python = ">= 3.9, <3.10"
 #------------------------------------------------------------------------------
 # Default from Invenio
 lxml = ">=4.9.1"
+marshmallow = ">=3.0.0,<4.0.0"
 uwsgi = ">=2.0"
 uwsgi-tools = ">=1.1.1"
 uwsgitop = ">=0.11"
@@ -34,24 +35,24 @@ invenio-search = {version = ">=2.1.0,<3.0.0", extras = ["elasticsearch7"]}
 
 # Invenio core modules
 invenio-app = ">=1.3.4,<1.4.0"
-invenio-base = ">=1.2.11,<1.3.0"
+invenio-base = ">=1.2.16,<1.3.0"
 invenio-cache = ">=1.1.1,<1.2.0"
-invenio-celery = ">=1.2.4,<1.3.0"
+invenio-celery = ">=1.2.5,<1.3.0"
 invenio-config = ">=1.0.3,<1.1.0"
 invenio-i18n = ">=2.0.0,<3.0.0"
-invenio-db = {version = ">=1.0.14,<1.1.0", extras = ["postgresql"]}
+invenio-db = {version = ">=1.1.0,<1.2.0", extras = ["postgresql"]}
 # Invenio base bundle
 invenio-admin = ">=1.4.0,<1.5.0"
 # invenio-assets = ">=3.0.0,<4.0.0" # error patch-package 6.5.1 semantic-ui-less
-invenio-assets = ">=1.0.0,<3.0.0"
+invenio-assets = ">=2.0.0,<3.0.0"
 invenio-formatter = ">=2.0.0,<3.0.0"
 invenio-logging = {version = ">=2.0.0,<3.0.0"}
 invenio-mail = ">=2.0.0,<3.0.0"
 invenio-rest = ">=1.3.0,<1.4.0"
-invenio-theme = ">=2.0.0,<3.0.0"
+invenio-theme = ">=2.5.7,<3.0.0"
 # Invenio auth bundle
 invenio-access = ">=2.0.0,<3.0.0"
-invenio-accounts = ">=3.0.0,<4.0.0"
+invenio-accounts = ">=3.5.2,<4.0.0"
 invenio-oauth2server = ">=2.0.0,<3.0.0"
 invenio-oauthclient = ">=3.0.0,<4.0.0"
 invenio-userprofiles = ">=2.2.0,<3.0.0"
@@ -66,10 +67,10 @@ invenio-records = "2.1.0,<2.2.0"
 #invenio-search-ui = ">=2.4.0,<3.0.0"
 # Pinned due to before_first_request deprecation https://flask.palletsprojects.com/en/2.2.x/api/#flask.Flask.before_first_request
 Flask = ">=2.2.0,<2.3.0"
+sentry-sdk = ">=1.0.0" # normaly in invenio-logging = {version = ">=2.0.0,<3.0.0", extras = ["sentry_sdk"]}
 dojson = ">=1.4.0"
 # TODO: dojson problem = AttributeError: 'Group' object has no attribute 'resultcallback'
-# click = "<8.1.0"
-sentry-sdk = ">=1.0.0" # normaly in invenio-logging = {version = ">=2.0.0,<3.0.0", extras = ["sentry_sdk"]}
+click = "<8.1.0"
 
 ## RERO ILS specific python modules
 PyYAML = ">=5.3.1"
@@ -90,10 +91,10 @@ poethepoet = "*"
 ## Python packages development dependencies (order matters)
 #----------------------------------------------------------
 ## Default from Invenio
-pytest-invenio = ">=2.1.0,<3.0.0"
+pytest-invenio = ">=2.1.6,<3.0.0"
 Sphinx = ">=4.5.0"
 ## RERO ILS specific python packages
-safety = ">=1.8"
+safety = ">=1.8,<3.0.0"
 mock = ">=2.0.0"
 autoflake = ">=1.3.1"
 appnope = { version = "*", optional = true }

rero_ebooks/cantook/api.py

@@ -23,6 +23,7 @@
 import json
 
 import click
+from flask import current_app
 from requests import codes as requests_codes
 from requests import get as requests_get
 
@@ -148,7 +149,7 @@ def verbose_print(self, msg):
             click.echo(msg)
 
     def init_available_ids(self, from_date):
-        """Get all aavailable pids.
+        """Get all available pids.
 
         from_date: record changed after this date to get
         """
@@ -177,14 +178,18 @@ def init_available_ids(self, from_date):
             current_page = int(request.headers.get('X-Current-Page', 0))
         if total_items != count:
             # we had an ERROR
-            raise ValueError('ERROR to get all available ids')
+            current_app.logger.error(
+                'ERROR to get all available ids '
+                f'total:{total_items} != count:{count}'
+            )
+            # raise ValueError('ERROR to get all available ids')
         return self._available_ids
 
     def get_records(self, from_date, max=0, file=None):
         """Get cantook records.
 
         from_date: record changed after this date to get
-        max: maxium records to fetcher
+        max: maximum records to fetcher
         file: to save the fetched record
         """
         self._count = 0

rero_ebooks/config.py

@@ -80,7 +80,8 @@ def _(x):
 THEME_FOOTER_TEMPLATE = FOOTER_TEMPLATE
 #: Header base template.
 THEME_HEADER_TEMPLATE = HEADER_TEMPLATE
-
+#: Template for error pages.
+THEME_ERROR_TEMPLATE = 'rero_ebooks/page_error.html'
 
 # Email configuration
 # ===================

rero_ebooks/theme/templates/rero_ebooks/frontpage.html

@@ -14,6 +14,17 @@ <h1>ebooks</h1>
   </div>
   <div class="row margin-top-large">
     <div class="col-md-8">
+      <p>
+        Ebooks repository for RERO..
+      </p>
+      <p class="margin-top-large">
+        OAI entrypoints:
+      </p>
+      <ul>
+        <li><a href="/oai2d?verb=Identify" target="_blank">Identify</a></li>
+        <li><a href="/oai2d?verb=ListRecords&metadataPrefix=marc21" target="_blank">Records</a></li>
+        <li><a href="/oai2d?verb=ListSets" target="_blank">Sets</a></li>
+      </ul>
       <h3 class="margin-top-extra-large">Other RERO products</h3>
       <div class="service-container">
         <a href="{{ config.RERO_SERVICE_ILS }}" target="_blank">

scripts/test

@@ -63,7 +63,6 @@ if [[ -z "${VIRTUAL_ENV}" ]]; then
 fi
 
 set -e
-# TODO: find out why we have following error:
 # -> Vulnerability found in flask-caching version 2.0.1
 #    Vulnerability ID: 40459
 # -> Vulnerability found in sqlalchemy version 1.4.50
@@ -72,10 +71,18 @@ set -e
 #    Vulnerability ID: 42194
 # -> Vulnerability found in wtforms version 2.3.3
 #    Vulnerability ID: 42852
+# -> Vulnerability found in werkzeug version 2.2.3
+#    Vulnerability ID: 62019
 # -> Vulnerability found in py version 1.11.0
 #    Vulnerability ID: 51457
-info_msg "Test safety:"
-safety check -o bare -i 40459 -i 51668 -i 42194 -i 42852 -i 51457
+info_msg "Check vulnerabilities:"
+safety_exceptions="-i 40459 -i 51668 -i 42194 -i 42852 -i 62019 -i 51457"
+msg=$(safety check -o text ${safety_exceptions}) || {
+  echo "Safety vulnerabilites found for packages:" $(safety check -o bare ${safety_exceptions})
+  echo "Run:" "safety check -o screen ${safety_exceptions} | grep -i vulnerability" "for more details"
+  exit 1
+}
+
 info_msg "Test pydocstyle:"
 pydocstyle rero_ebooks tests docs
 info_msg "Test isort:"