chore(deps): upgrade python dependencies for security reasons and prevent long-running safety scan in pytest and migrated to CI pipeline

COT-WORLD · COT-WORLD · commit 180900bb7d5c · 2026-01-27T13:06:36.000+11:00
- Updated Filelock
- Updated Marshmallow
- Updated python-multiopart
- Updated urllib3
- Updated wheel
diff --git a/.github/workflows/github-actions-CI-CD.yml b/.github/workflows/github-actions-CI-CD.yml
@@ -40,6 +40,8 @@ jobs:
         run: pip install -r requirements.txt
       - name: Testing with pytest
         run: pytest -v -s
+      - name: Security scan (Safety)
+        run: safety scan --exit-code 1 --ignore 39645
       
       - name: Login to Docker Hub
         uses: docker/login-action@v3
diff --git a/requirements.txt b/requirements.txt
@@ -16,7 +16,7 @@ dparse==0.6.4
 email_validator==2.2.0
 fastapi==0.120.2
 fastapi-cli==0.0.8
-filelock==3.16.1
+filelock==3.20.3
 greenlet==3.2.4
 gunicorn==23.0.0
 h11==0.16.0
@@ -31,7 +31,7 @@ joblib==1.5.1
 Mako==1.3.10
 markdown-it-py==4.0.0
 MarkupSafe==3.0.2
-marshmallow==4.0.0
+marshmallow==4.2.1
 mdurl==0.1.2
 nltk==3.9.1
 orjson==3.11.2
@@ -49,7 +49,7 @@ Pygments==2.19.2
 PyJWT==2.10.1
 pytest==8.4.1
 python-dotenv==1.1.1
-python-multipart==0.0.20
+python-multipart==0.0.22
 PyYAML==6.0.2
 regex==2025.7.34
 requests==2.32.5
@@ -72,9 +72,9 @@ typer==0.16.1
 typing-inspection==0.4.1
 typing_extensions==4.15.0
 ujson==5.11.0
-urllib3==2.6.2
+urllib3==2.6.3
 uvicorn==0.35.0
 watchfiles==1.1.0
 webencodings==0.5.1
 websockets==15.0.1
-wheel==0.45.1
+wheel==0.46.3
diff --git a/tests/test_owasp_top_10_security.py b/tests/test_owasp_top_10_security.py
@@ -206,12 +206,12 @@ def test_xss_in_vote_creation(client: TestClient, test_user):
         "detail"][0]["msg"]
 
 
-def test_no_vulnerable_components():
+# def test_no_vulnerable_components():
 
-    result = subprocess.run(['safety', 'check', '--full-report',
-                            '--ignore', '39645'], capture_output=True, text=True)
+#     result = subprocess.run(['safety', 'scan', '--file', 'requirements.txt',
+#                             "--exit-code", "1", '--ignore', '39645'], capture_output=True, text=True)
 
-    assert result.returncode == 0, f"Vulnerabilities found in dependencies: {result.stdout}"
+#     assert result.returncode == 0, f"Vulnerabilities found in dependencies: {result.stdout}"
 
 
 def test_vote_logging(client: TestClient, test_user, test_posts):
