Merge pull request #199 from Lucs1590/versions-update

build: updating libraries versions
Lucs1590 · Nov 13, 2023 · 6b63b0f · 6b63b0f
2 parents c801cae + 105e147
commit 6b63b0f
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 17 deletions.
diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
@@ -0,0 +1,51 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# Bandit is a security linter designed to find common security issues in Python code.
+# This action will run Bandit on your codebase.
+# The results of the scan will be found under the Security tab of your repository.
+
+# https://github.com/marketplace/actions/bandit-scan is ISC licensed, by abirismyname
+# https://pypi.org/project/bandit/ is Apache v2.0 licensed, by PyCQA
+
+name: Bandit
+on:
+  push:
+    branches: ["master"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["master"]
+  schedule:
+    - cron: "0 10 * * 5"
+
+jobs:
+  bandit:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Bandit Scan
+        uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c
+        with: # optional arguments
+          # exit with 0, even with results found
+          exit_zero: true # optional, default is DEFAULT
+          # Github token of the repository (automatically created by Github)
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
+          # File or directory to run bandit on
+          # path: # optional, default is .
+          # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
+          # level: # optional, default is UNDEFINED
+          # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
+          # confidence: # optional, default is UNDEFINED
+          # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
+          # excluded_paths: # optional, default is DEFAULT
+          # comma-separated list of test IDs to skip
+          # skips: # optional, default is DEFAULT
+          # path to a .bandit file that supplies command line arguments
+          # ini_path: # optional, default is DEFAULT
diff --git a/environment.yml b/environment.yml
@@ -15,34 +15,35 @@ dependencies:
   - sqlite=3.36.0
   - tk=8.6.10
   - tzdata=2021a
-  - wheel=0.37.0
+  - wheel=0.41.2
   - xz=5.2.5
   - zlib=1.2.11
   - pip:
       - attrs==21.2.0
       - charset-normalizer==2.0.6
+      - commitizen==3.10.0
       - filelock==3.1.0
-      - gdown==3.13.1
+      - gdown==4.7.1
       - idna==3.2
       - imutils==0.5.4
       - iniconfig==1.1.1
       - joblib==1.0.1
-      - numpy==1.21.2
+      - numpy==1.26.0
       - opencv-contrib-python==4.5.3.56
       - packaging==21.0
       - pillow==10.0.1
       - pluggy==1.0.0
       - py==1.10.0
       - pyparsing==2.4.7
       - pysocks==1.7.1
-      - pytesseract==0.3.8
+      - pytesseract==0.3.10
       - pytest==6.2.5
-      - pytest-socket==0.4.1
-      - requests==2.26.0
-      - scikit-learn==1.0
+      - pytest-socket==0.6.0
+      - requests==2.31.0
+      - scikit-learn==1.3.1
       - scipy==1.7.1
       - six==1.16.0
-      - symspellpy==6.7.0
+      - symspellpy==6.7.7
       - tesseract==0.1.3
       - threadpoolctl==2.2.0
       - toml==0.10.2

diff --git a/setup.py b/setup.py
@@ -62,22 +62,22 @@ def read(file_name):
     install_requires=[
         'tesseract==0.1.3',
         'pytesseract==0.3.10',
-        'requests==2.28.2',
-        'wheel==0.38.4',
+        'requests==2.31.0',
+        'wheel==0.41.2',
         'pillow==10.0.1',
-        'numpy==1.24.1',
+        'numpy==1.26.0',
         'opencv-contrib-python>=4.*',
-        'scikit-learn==1.2.1',
-        'gdown==4.6.0',
+        'scikit-learn==1.3.1',
+        'gdown==4.7.1',
         'imutils==0.5.4',
         'symspellpy==6.7.7'
     ],
     extras_require={
         'dev': [
             'pytest>=3.7',
-            'pytest-socket==0.5.1',
-            'commitizen==2.40.0'
-            'pre-commit==3.0.2'
+            'pytest-socket==0.6.0',
+            'commitizen==3.10.0'
+            'pre-commit==3.4.0'
         ]
     }
 )
diff --git a/src/auxiliary.py b/src/auxiliary.py
@@ -628,7 +628,7 @@ def get_image_from_url(url: str) -> np.ndarray:
         np.ndarray: image.
     """
     try:
-        response = requests.get(url)
+        response = requests.get(url, timeout=60)
     except Exception as error:
         raise ConnectionError(
             'you need to be connected to some internet network to download the EAST model.'