Merge pull request #1485 from GSA/fix-snyk-gevent-version

upgrade gevent and greelet version

ckan/requirements.in

@@ -75,7 +75,7 @@ Flask-Babel==1.0.0
 Flask-Login==0.6.1
 Flask-WTF==1.0.1
 flask-multistatic==1.0
-greenlet==2.0.2
+# greenlet==2.0.2
 #Jinja2==3.1.2
 Markdown==3.4.1
 packaging==24.1
@@ -118,10 +118,12 @@ requests~=2.32.3
 
 # avoid ImportError error https://github.com/GSA/data.gov/issues/4396
 importlib-resources<6.0
-gevent>=23.9.0
 jinja2>=3.1.4
 cryptography>=42.0.4
 
+# fix for https://security.snyk.io/vuln/SNYK-PYTHON-GEVENT-8320934
+gevent>=24.10.1
+
 # lxml beyond 5.1.0 show error module 'lxml.etree' has no attribute '_ElementStringResult'
 # as in https://github.com/GSA/data.gov/issues/4681
 lxml==5.1.0
@@ -139,3 +141,6 @@ setuptools~=71.0.3
 
 # Pin MarkupSafe to avoid button issue for logged in user
 MarkupSafe==2.*
+
+# avoid conflic dependencies issue
+greenlet>=3.1.1

ckan/requirements.txt

@@ -1,11 +1,11 @@
 alembic==1.8.1
-async-timeout==4.0.3
+async-timeout==5.0.0
 Babel==2.10.3
 Beaker==1.11.0
 bleach==5.0.1
 blinker==1.5
-boto3==1.35.51
-botocore==1.35.51
+boto3==1.35.53
+botocore==1.35.53
 certifi==2024.8.30
 cffi==1.17.1
 chardet==5.2.0
@@ -39,8 +39,8 @@ future==1.0.0
 GeoAlchemy2==0.5.0
 geojson==3.0.1
 geomet==1.1.0
-gevent==24.2.1
-greenlet==2.0.2
+gevent==24.10.3
+greenlet==3.1.1
 gunicorn==23.0.0
 html5lib==1.1
 idna==3.10
@@ -105,13 +105,13 @@ typing_extensions==4.3.0
 tzdata==2024.2
 tzlocal==4.2
 urllib3==2.2.3
-watchdog==5.0.3
+watchdog==6.0.0
 webassets==2.0
 webencodings==0.5.1
 Werkzeug==2.0.3
 wheel==0.42.0
 WTForms==3.2.1
 xlrd==2.0.1
-xmlschema==3.4.2
+xmlschema==3.4.3
 zope.event==5.0
 zope.interface==5.4.0