Upgraded versions for dependent repo and included gunicorn as http se… (#35)

* Upgraded versions for dependent repo and included gunicorn as http server

- reverted redis version as dependency also needed to be chaged.

- Versions for flask updated to available

- Versions for gitpython updated to >=3.1.20

- Versions for marshmellow updated to >=3.14.1

- Versions for requests updated to >=2.27.1

- contextvars library added

* - resolved another critical vulerability CVE-2022-24439 Detail
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Resolution ::
Upgrade GitPython to version 3.1.30 or higher.
https://nvd.nist.gov/vuln/detail/CVE-2022-24439
https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858

Author: rednitish

requirements.txt

@@ -1,18 +1,20 @@
 flasgger==0.9.5
-Flask==1.1.2
+Flask>=2.2.2
 #git2pantheon~=0.1
-Werkzeug==1.0.1
-redis==3.5.3
-setuptools==54.2.0
-flask-cors==3.0.10
-
-marshmallow==3.10.0
-Flask-Executor==0.9.4
+redis>=4.4.2
+setuptools==66.0.0
+Flask-Cors==3.0.10
+marshmallow>=3.19.1
+Flask-Executor==1.0.0
 giturlparse==0.10.0
-PyYAML==5.4.1
-edgegrid-python==1.0.10
-decorest==0.0.6
-requests
-requests-toolbelt==0.9.1
-gitpython==3.1.11
-git+https://github.com/redhataccess/pantheon-uploader.git
+PyYAML==6.0
+edgegrid-python==1.3.1
+decorest==0.1.0
+requests>=2.28.3
+requests-toolbelt==0.10.1
+gitpython>=3.1.30
+gunicorn==20.1.0
+jinja2==3.1.2
+typing-extensions>=4.4.0
+contextvars>=2.4
+git+https://github.com/redhataccess/pantheon-uploader.git

setup.py

@@ -20,28 +20,28 @@
         'pyxdg>=0.26',
         'PyYAML>=5.3.1',
         'redis>=3.5.3',
-        'requests>=2.22.0',
         'requests-file>=1.4.3',
         'requests-ftp>=0.3.1',
         'simpleline>=1.6',
         'six>=1.14.0',
         'tinycss2>=1.0.2',
-        'Flask>=1.1.2',
+        'Flask>=2.0.3',
         'urllib3>=1.25.7',
         'webencodings>=0.5.1',
-        'Werkzeug>=1.0.1',
         'xcffib>=0.9.0',
-        'gitpython==3.1.11',
-        'flask-cors>=3.0.9',
+        'gitpython>=3.1.30',
+        'Flask-Cors>=3.0.10',
         'flasgger>=0.9.5',
-        'Flask-Executor>=0.9.4',
+        'Flask-Executor>=1.0.0',
         'giturlparse>=0.10.0',
-        'marshmallow>=3.9.1',
-        'gunicorn',
-        'edgegrid-python>=1.0.10',
-        'decorest>=0.0.6',
-        'requests',
-        'requests-toolbelt>=0.9.1',
+        'marshmallow>=3.14.1',
+        'gunicorn>=20.1.0',
+        'edgegrid-python>=1.3.1',
+        'decorest>=0.1.0',
+        'requests>=2.27.1',
+        'requests-toolbelt>=0.10.1',
+        'contextvars>=2.3',
+        'typing-extensions>=4.4.0',
         'pantheon-uploader@ git+https://github.com/redhataccess/pantheon-uploader.git@master#egg=pantheon-uploader-0.2'
     ],
     dependency_links=['https://github.com/redhataccess/pantheon-uploader/tarball/master#egg=pantheon-uploader'],