self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-08-10 22:31:47 +02:00
Code Issues Releases Activity

Update all dependencies

Browse Source
This commit is contained in:
Florent Daigniere
2024-05-06 10:21:15 +02:00
parent d84c73a9d4
commit a55a9d89ba
8 changed files with 60 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/base/requirements-build.txt
View File

@@ -1,3 +1,3 @@
pip==23.3.1 pip==24.0
setuptools==68.2.2 setuptools==69.5.1
wheel==0.41.3 wheel==0.43.0

84
core/base/requirements-prod.txt
View File

@@ -1,87 +1,87 @@
aiodns==3.1.1 aiodns==3.2.0
aiohttp==3.9.3 aiohttp==3.9.5
aiosignal==1.3.1 aiosignal==1.3.1
alembic==1.13.1 alembic==1.13.1
aniso8601==9.0.1 aniso8601==9.0.1
attrs==23.2.0 attrs==23.2.0
Babel==2.14.0 Babel==2.15.0
bcrypt==4.1.2 bcrypt==4.1.3
blinker==1.7.0 blinker==1.8.1
certifi==2023.11.17 certifi==2024.2.2
cffi==1.16.0 cffi==1.16.0
charset-normalizer==3.3.2 charset-normalizer==3.3.2
click==8.1.7 click==8.1.7
colorclass==2.2.2 colorclass==2.2.2
cryptography==42.0.5 cryptography==42.0.6
defusedxml==0.7.1 defusedxml==0.7.1
Deprecated==1.2.14 Deprecated==1.2.14
dnspython==2.5.0 dnspython==2.6.1
dominate==2.9.1 dominate==2.9.1
easygui==0.98.3 easygui==0.98.3
email-validator==2.1.0.post1 email-validator==2.1.1
Flask==3.0.1 Flask==3.0.3
flask-babel==4.0.0 flask-babel==4.0.0
Flask-Bootstrap==3.3.7.1 Flask-Bootstrap==3.3.7.1
Flask-DebugToolbar==0.14.1 Flask-DebugToolbar==0.15.1
Flask-Login==0.6.3 Flask-Login==0.6.3
flask-marshmallow==1.1.0 flask-marshmallow==1.2.1
Flask-Migrate==4.0.5 Flask-Migrate==4.0.7
flask-restx==1.3.0 flask-restx==1.3.0
Flask-SQLAlchemy==3.1.1 Flask-SQLAlchemy==3.1.1
Flask-WTF==1.2.1 Flask-WTF==1.2.1
frozenlist==1.4.1 frozenlist==1.4.1
greenlet==3.0.3 greenlet==3.0.3
gunicorn==22.0.0 gunicorn==22.0.0
idna==3.6 idna==3.7
importlib-resources==6.1.1 importlib-resources==6.4.0
infinity==1.5 infinity==1.5
intervals==0.9.2 intervals==0.9.2
itsdangerous==2.1.2 itsdangerous==2.2.0
Jinja2==3.1.3 Jinja2==3.1.4
jsonschema==4.21.1 jsonschema==4.22.0
jsonschema-specifications==2023.12.1 jsonschema-specifications==2023.12.1
limits==3.7.0 limits==3.11.0
Mako==1.3.0 Mako==1.3.3
MarkupSafe==2.1.4 MarkupSafe==2.1.5
marshmallow==3.20.2 marshmallow==3.21.2
marshmallow-sqlalchemy==0.30.0 marshmallow-sqlalchemy==1.0.0
msoffcrypto-tool==5.3.1 msoffcrypto-tool==5.4.0
multidict==6.0.4 multidict==6.0.5
mysql-connector-python==8.3.0 mysql-connector-python==8.4.0
olefile==0.47 olefile==0.47
oletools==0.60.1 oletools==0.60.1
packaging==23.2 packaging==24.0
passlib==1.7.4 passlib==1.7.4
pcodedmp==1.2.6 pcodedmp==1.2.6
podop @ file:///app/libs/podop podop @ file:///app/libs/podop
postfix-mta-sts-resolver==1.4.0 postfix-mta-sts-resolver==1.4.0
psycopg2-binary==2.9.9 psycopg2-binary==2.9.9
pycares==4.4.0 pycares==4.4.0
pycparser==2.21 pycparser==2.22
Pygments==2.17.2 Pygments==2.18.0
pyparsing==2.4.7 pyparsing==2.4.7
python-dateutil==2.8.2 python-dateutil==2.9.0.post0
python-magic==0.4.27 python-magic==0.4.27
pytz==2023.3.post1 pytz==2024.1
PyYAML==6.0.1 PyYAML==6.0.1
Radicale==3.1.8 Radicale==3.1.9
redis==5.0.1 redis==5.0.4
referencing==0.32.1 referencing==0.35.1
requests==2.31.0 requests==2.31.0
rpds-py==0.17.1 rpds-py==0.18.0
six==1.16.0 six==1.16.0
socrate @ file:///app/libs/socrate socrate @ file:///app/libs/socrate
SQLAlchemy==2.0.25 SQLAlchemy==2.0.30
srslib==0.1.4 srslib==0.1.4
tabulate==0.9.0 tabulate==0.9.0
tenacity==8.2.3 tenacity==8.2.3
typing_extensions==4.9.0 typing_extensions==4.11.0
urllib3==2.1.0 urllib3==2.2.1
validators==0.22.0 validators==0.28.1
visitor==0.1.3 visitor==0.1.3
vobject==0.9.6.1 vobject==0.9.7
watchdog==3.0.0 watchdog==4.0.0
Werkzeug==3.0.1 Werkzeug==3.0.3
wrapt==1.16.0 wrapt==1.16.0
WTForms==3.1.2 WTForms==3.1.2
WTForms-Components==0.10.5 WTForms-Components==0.10.5

6
docs/Dockerfile
View File

@@ -1,5 +1,5 @@
# Convert .rst files to .html in temporary build container # Convert .rst files to .html in temporary build container
FROM python:3.12.0-alpine3.18 AS build FROM python:3.12.3-alpine3.19 AS build
ARG version=master ARG version=master
ENV VERSION=$version ENV VERSION=$version
@@ -16,7 +16,7 @@ RUN apk add --no-cache --virtual .build-deps \
# Build nginx deployment image including generated html # Build nginx deployment image including generated html
FROM nginx:1.25.3-alpine FROM nginx:1.25.5-alpine
ARG version=master ARG version=master
ARG pinned_version=master ARG pinned_version=master
@@ -30,4 +30,4 @@ COPY --from=build /build/$VERSION /build/$VERSION
EXPOSE 80/tcp EXPOSE 80/tcp
CMD nginx -g "daemon off;" CMD nginx -g "daemon off;"
RUN echo $pinned_version >> /version RUN echo $pinned_version >> /version

8
docs/requirements.txt
View File

@@ -1,5 +1,5 @@
recommonmark==0.7.1 recommonmark==0.7.1
Sphinx==7.2.6 Sphinx==7.3.7
sphinx-autobuild==2021.3.14 sphinx-autobuild==2024.4.16
sphinx-rtd-theme==1.3.0 sphinx-rtd-theme==2.0.0
docutils==0.18.1 docutils==0.20.1

6
tests/requirements.txt
View File

@@ -1,3 +1,3 @@
docker==4.2.2 docker==7.0.0
colorama==0.4.3 colorama==0.4.6
managesieve==0.7.1 managesieve==0.8

1
towncrier/newsfragments/3032.misc
View File

@@ -1 +1,2 @@
Update all python dependencies in preparation of next Mailu release. Update all python dependencies in preparation of next Mailu release.
Update snappymail to 2.36.1

2
webmails/Dockerfile
View File

@@ -55,7 +55,7 @@ COPY roundcube/config/config.inc.carddav.php /var/www/roundcube/plugins/carddav/
# snappymail # snappymail
ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.31.0/snappymail-2.31.0.tar.gz ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.36.1/snappymail-2.36.1.tar.gz
RUN set -euxo pipefail \ RUN set -euxo pipefail \
; mkdir /var/www/snappymail \ ; mkdir /var/www/snappymail \

4
webmails/snuffleupagus.rules
View File

@@ -71,6 +71,7 @@ sp.disable_function.function("include").drop()
# Prevent `system`-related injections # Prevent `system`-related injections
sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
sp.disable_function.function("exec_shell").filename_r("/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/gpg/base.php").allow();
sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
# This is **very** broad but doing better is non-straightforward # This is **very** broad but doing better is non-straightforward
@@ -91,17 +92,18 @@ sp.disable_function.function("ini_get").filename("/var/www/roundcube/plugins/man
sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").drop(); sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").drop();
sp.disable_function.function("ini_get").param("option").value("open_basedir").drop(); sp.disable_function.function("ini_get").param("option").value("open_basedir").drop();
sp.disable_function.function("ini_get").param("option").value_r("suhosin").drop(); sp.disable_function.function("ini_get").param("option").value_r("suhosin").drop();
sp.disable_function.function("function_exists").filename_r("/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/gpg/base.php").allow();
sp.disable_function.function("function_exists").param("function").value("eval").drop(); sp.disable_function.function("function_exists").param("function").value("eval").drop();
sp.disable_function.function("function_exists").param("function").value("exec").drop(); sp.disable_function.function("function_exists").param("function").value("exec").drop();
sp.disable_function.function("function_exists").param("function").value("system").drop(); sp.disable_function.function("function_exists").param("function").value("system").drop();
sp.disable_function.function("function_exists").param("function").value("shell_exec").drop(); sp.disable_function.function("function_exists").param("function").value("shell_exec").drop();
sp.disable_function.function("function_exists").param("function").value("proc_open").drop(); sp.disable_function.function("function_exists").param("function").value("proc_open").drop();
sp.disable_function.function("function_exists").param("function").value("passthru").drop(); sp.disable_function.function("function_exists").param("function").value("passthru").drop();
sp.disable_function.function("is_callable").filename_r("/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/gpg/base.php").allow();
sp.disable_function.function("is_callable").param("value").value("eval").drop(); sp.disable_function.function("is_callable").param("value").value("eval").drop();
sp.disable_function.function("is_callable").param("value").value("exec").drop(); sp.disable_function.function("is_callable").param("value").value("exec").drop();
sp.disable_function.function("is_callable").param("value").value("system").drop(); sp.disable_function.function("is_callable").param("value").value("system").drop();
sp.disable_function.function("is_callable").param("value").value("shell_exec").drop(); sp.disable_function.function("is_callable").param("value").value("shell_exec").drop();
sp.disable_function.function("is_callable").filename_r("^/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/pgp/gpg\.php$").param("value").value("proc_open").allow();
sp.disable_function.function("is_callable").param("value").value("proc_open").drop(); sp.disable_function.function("is_callable").param("value").value("proc_open").drop();
sp.disable_function.function("is_callable").param("value").value("passthru").drop(); sp.disable_function.function("is_callable").param("value").value("passthru").drop();