Merge pull request #221 from DevoInc/219-remove-urllib-from-dependencies

feat: Upgrade versions of cryptography, msgpack and pipdeptree, and r…
DevoInc · Oct 25, 2023 · c215978 · c215978
2 parents 79d6893 + fdb9afc
commit c215978
Show file tree

Hide file tree

Showing 9 changed files with 30 additions and 22 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,14 +5,14 @@ updates:
     directory: "/"
     target-branch: "master"
     schedule:
-      interval: "daily"
-      time: "09:00"
-      timezone: "Europe/Madrid"
+      interval: "weekly"
     assignees:
-      - "JuanFranDevo"
+      - "angel-devo"
+      - "jgarciai"
     reviewers:
       - "angel-devo"
+      - "jgarciai"
     labels:
-      - "Dependabot"
+      - "dependencies"
     # Set to 0 to avoid version updates (only security updates)
     open-pull-requests-limit: 5
diff --git a/.github/workflows/python-pull-request.yml b/.github/workflows/python-pull-request.yml
@@ -27,7 +27,7 @@ jobs:
     strategy:
       max-parallel: 1
       matrix:
-        version: ["3.7", "3.8", "3.9"]
+        version: ["3.8", "3.9"]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

diff --git a/.github/workflows/snyk-checks.yml b/.github/workflows/snyk-checks.yml
@@ -9,20 +9,21 @@ on:
       - synchronize
   workflow_dispatch:
   schedule:
-    - cron: "0 9 * * *"
+    - cron: "0 9 * * 1"
 jobs:
   dependencies:
     runs-on: ubuntu-latest
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - uses: actions/checkout@master
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/python@master
+        uses: snyk/actions/python-3.9@master
         continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --sarif-file-output=snyk.sarif
+          args: --sarif-file-output=snyk.sarif,--file=requirements.txt,--package-manager=pip
+          command: test
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v2
         with:
@@ -33,7 +34,7 @@ jobs:
     steps:
       - uses: actions/checkout@master
       - name: Run Snyk for static code check
-        uses: snyk/actions/python@master
+        uses: snyk/actions/python-3.9@master
         continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [5.1.7] - 2023-10-25
+
+### Changed
+
+- `urllib3` dependency removed, `requests` already solves it.
+- `cryptography` depemdency upgraded from `cryptography~=41.0.3` to `cryptography~=41.0.5`
+- `msgpack~=1.0.4` testing dependency upgraded from `msgpack~=1.0.4` to `msgpack~=1.0.7`
+- `pipdeptree~=2.5.0` testing dependency upgraded from `pipdeptree~=2.5.0` to `pipdeptree~=2.13.0`
+- Removed support for Python 3.7.
+
 ## [5.1.6] - 2023-10-05
 
 ### Changed

diff --git a/README.md b/README.md
@@ -14,11 +14,11 @@ This is the SDK to access Devo directly from Python. It can be used to:
 
 ## Requirements
 
-The Devo SDK for Python requires Python 3.7+
+The Devo SDK for Python requires Python 3.8+
 
 ## Compatibility
 
-- Tested compatibility for python 3.7, 3.8 and 3.9
+- Tested compatibility for python 3.8 and 3.9
 
 ## Quick Start
 

diff --git a/devo/__version__.py b/devo/__version__.py
@@ -1,6 +1,6 @@
 __description__ = "Devo Python Library."
 __url__ = "http://www.devo.com"
-__version__ = "5.1.6"
+__version__ = "5.1.7"
 __author__ = "Devo"
 __author_email__ = "support@devo.com"
 __license__ = "MIT"

diff --git a/requirements-test.txt b/requirements-test.txt
@@ -1,4 +1,4 @@
 stopit==1.1.2
-msgpack~=1.0.4
+msgpack~=1.0.7
 responses~=0.23.3
-pipdeptree~=2.5.0
+pipdeptree~=2.13.0
diff --git a/requirements.txt b/requirements.txt
@@ -3,7 +3,6 @@ PyYAML==6.0.1
 requests~=2.31
 pem~=21.2.0
 pyopenssl~=23.2
-urllib3~=2.0.6
 pytz~=2023.3
 certifi~=2023.7.22
-cryptography~=41.0.3
+cryptography~=41.0.5
diff --git a/setup.py b/setup.py
@@ -18,7 +18,6 @@
     "Operating System :: OS Independent",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.7",
     "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: Implementation :: CPython",
@@ -31,17 +30,16 @@
     "PyYAML==6.0.1",
     "pem~=21.2.0",
     "pyopenssl~=23.2",
-    "urllib3~=2.0.6",
     "pytz~=2023.3",
     "certifi~=2023.7.22",
-    "cryptography~=41.0.3",
+    "cryptography~=41.0.5",
 ]
 EXTRAS_REQUIRE = {
     "dev": [
         "stopit==1.1.2",
-        "msgpack~=1.0.4",
+        "msgpack~=1.0.7",
         "responses~=0.23.3",
-        "pipdeptree~=2.5.0"
+        "pipdeptree~=2.13.0"
     ]
 }
 CLI = [