From d34dc651b172b26b09a01d9848dd08f89fe060b2 Mon Sep 17 00:00:00 2001
From: ajaysi
Date: Fri, 3 Apr 2026 07:50:27 +0530
Subject: [PATCH] Revert "chore: add dependency update workflow and fix urllib3 version"

This reverts commit 0d2d9b220e7df38af67fb5758e8064bb4d1d8390.
---
 .github/workflows/dependency-updates.yml | 88 ------------------------
 backend/requirements.txt | 8 +--
 2 files changed, 4 insertions(+), 92 deletions(-)
 delete mode 100644 .github/workflows/dependency-updates.yml

diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
deleted file mode 100644
index d93b077d..00000000
--- a/.github/workflows/dependency-updates.yml
+++ /dev/null
@@ -1,88 +0,0 @@ -name: Dependency Updates - -on: - schedule: - - cron: '0 0 * * 0' # Weekly on Sunday - workflow_dispatch: # Manual trigger - -jobs: - # Python dependency updates - update-python: - runs-on: ubuntu-latest - if: github.event_name == 'workflow_dispatch' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.11" - - - name: Install pip-tools - run: pip install pip-tools - - - name: Check outdated packages - run: | - pip list --outdated --format=freeze | head -20 - - - name: Create pull request for updates - uses: python-semantic-release/pypi-publish@v1 - with: - command: pip-compile - continue-on-error: true - - - name: Create Dependabot PR - uses: dependabot/fetch-metadata@v2 - with: - package-ecosystem: "pip" - directory: "/backend" - continue-on-error: true - - # Node.js dependency updates - update-node: - runs-on: ubuntu-latest - if: github.event_name == 'workflow_dispatch' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: '20' - cache: 'npm' - cache-dependency-path: frontend/package-lock.json - - - name: Install dependencies - run: cd frontend && npm ci - - - name: Check outdated - run: cd frontend && npm outdated --depth=0 - - - name: Create PR for npm updates - uses: actions/github-script@v7 - with: - script: | - // This would create a PR with npm updates - console.log("Run 'npm update' to update packages") - continue-on-error: true - - # Security alerts summary - security-summary: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Run security audit on Python - uses: snyk/actions@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --file=backend/requirements.txt --json | jq -r '.vulnerabilities[] | "- \(.title): \(..severity)"' || echo "No vulnerabilities found" - - - name: Run security audit on Node - run: | - cd 
frontend && npm audit --json > audit.json 2>/dev/null || true - continue-on-error: true diff --git a/backend/requirements.txt b/backend/requirements.txt index be826cac..9d695301 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -39,10 +39,10 @@ google-auth-oauthlib>=1.0.0 # Web scraping and content processing beautifulsoup4>=4.12.0 -requests>=2.32.0 -urllib3>=2.0.0 -chardet>=5.2.0 -charset-normalizer>=3.3.0 +requests>=2.31.0 +urllib3<2.0.0 +chardet>=5.0.0 +charset-normalizer<3.0.0 lxml>=4.9.0 html5lib>=1.1 aiohttp>=3.9.0
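Review bot: The restored `urllib3<2.0.0` and `charset-normalizer<3.0.0` lines in the backend/requirements.txt hunk are upper caps with no lower bound, so a resolver may pick any older release of either package, including ones that predate security fixes. If the caps are needed for compatibility, give each a floor as well, e.g. `urllib3>=<LOWEST_PATCHED_1.x>,<2.0.0` and `charset-normalizer>=<LOWEST_PATCHED_2.x>,<3.0.0` (placeholders, to be filled from the projects' advisories). The `requests>=2.31.0` floor also re-admits a release the reverted commit had excluded, and the commit message gives no reason for the downgrade; a comment above these lines such as `# capped: <dependency that requires urllib3 1.x>` would record why. The same commit deletes the workflow that held the audit steps, so as far as this diff shows, nothing automated re-checks the widened ranges.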