Dependency updates for September 2024 (#3351)

* Bump Microsoft.NET.Test.Sdk from 17.10.0 to 17.11.0 in /Backend.Tests
* Bump NUnit from 4.1.0 to 4.2.2 in /Backend.Tests
* Bump NUnit3TestAdapter from 4.5.0 to 4.6.0 in /Backend.Tests
* Bump dotnet/aspnet from 8.0.7-jammy to 8.0.8-jammy in /Backend
* Bump dotnet/sdk from 8.0.303-jammy to 8.0.401-jammy in /Backend
* Bump Swashbuckle.AspNetCore from 6.7.0 to 6.7.3 in /Backend
* Bump mongo from 7.0.12-jammy to 7.0.14-jammy in /database
* Bump webpack from 5.92.1 to 5.94.0
* Bump docker/login-action from 3.1.0 to 3.3.0
* Bump axios from 1.7.2 to 1.7.7
* Bump @types/crypto-js from 4.2.0 to 4.2.2
* Bump node from 20.14.0-bookworm-slim to 20.17.0-bookworm-slim
* Bump actions/upload-artifact from 4.3.4 to 4.4.0
* Bump actions/download-artifact from 4.1.7 to 4.1.8
* Bump actions/setup-python from 5.1.1 to 5.2.0
* Bump sillsdev/FieldWorks
* Update to Python 3.12
* Update Python dependencies
* Update license report

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/backend.yml

@@ -48,7 +48,7 @@ jobs:
         run: dotnet test Backend.Tests/Backend.Tests.csproj
         shell: bash
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           if-no-files-found: error
           name: coverage
@@ -87,7 +87,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Download coverage artifact
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: coverage
       - name: Upload coverage report
@@ -138,7 +138,7 @@ jobs:
       - name: Autobuild
         uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
       - name: Upload artifacts if build failed
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         if: ${{ failure() }}
         with:
           name: tracer-logs

.github/workflows/combine_deploy_image.yml

@@ -48,7 +48,7 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
       - name: Login to AWS ECR
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: public.ecr.aws
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}

.github/workflows/commit_message_check.yml

@@ -10,4 +10,4 @@ permissions: # added using https://github.com/step-security/secure-workflows
 
 jobs:
   commit-message-lint:
-    uses: sillsdev/FieldWorks/.github/workflows/CommitMessage.yml@1841598026f41661ed53c3072589dbfed5c14a12
+    uses: sillsdev/FieldWorks/.github/workflows/CommitMessage.yml@9972c2aa3ad9fa768bd82714208152c4b6ce6b2c

.github/workflows/frontend.yml

@@ -68,7 +68,7 @@ jobs:
         env:
           CI: true
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           if-no-files-found: error
           name: coverage
@@ -97,7 +97,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Download coverage artifact
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: coverage
       - name: Upload coverage report

.github/workflows/pages.yml

@@ -26,9 +26,9 @@ jobs:
             github.com:443
             pypi.org:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
-          python-version: 3.11
+          python-version: 3.12
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip

.github/workflows/python.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.10", "3.11"]
+        python-version: ["3.12"]
     steps:
       # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
       # configuring harden-runner and identifying allowed endpoints.
@@ -30,7 +30,7 @@ jobs:
             pypi.org:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

.github/workflows/scorecards.yml

@@ -81,7 +81,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: SARIF file
           path: results.sarif

Backend.Tests/Backend.Tests.csproj

@@ -12,9 +12,9 @@
     <NoWarn>$(NoWarn);CA1305;CA1859;CS1591</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="NUnit" Version="4.1.0" />
-    <PackageReference Include="NUnit3TestAdapter" Version="4.5.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.0" />
+    <PackageReference Include="NUnit" Version="4.2.2" />
+    <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
     <PackageReference Include="coverlet.collector" Version="6.0.2"/>
     <PackageReference Include="coverlet.msbuild" Version="6.0.2"/>
   </ItemGroup>

Backend/BackendFramework.csproj

@@ -18,7 +18,7 @@
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.5.1" />
     <PackageReference Include="MailKit" Version="4.7.1.1" />
     <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.0" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.3" />
     <PackageReference Include="Xabe.FFmpeg" Version="5.2.6"/>
 
     <!-- SIL Maintained Dependencies. -->

Backend/Dockerfile

@@ -7,7 +7,7 @@
 ############################################################
 
 # Docker multi-stage build
-FROM mcr.microsoft.com/dotnet/sdk:8.0.303-jammy AS builder
+FROM mcr.microsoft.com/dotnet/sdk:8.0.401-jammy AS builder
 WORKDIR /app
 
 # Copy csproj and restore (fetch dependencies) as distinct layers.
@@ -19,7 +19,7 @@ COPY . ./
 RUN dotnet publish -c Release -o build
 
 # Build runtime image.
-FROM mcr.microsoft.com/dotnet/aspnet:8.0.7-jammy
+FROM mcr.microsoft.com/dotnet/aspnet:8.0.8-jammy
 
 ENV ASPNETCORE_URLS=http://+:5000
 ENV COMBINE_IS_IN_CONTAINER=1

Dockerfile

@@ -7,7 +7,7 @@
 ############################################################
 
 # User guide build environment
-FROM python:3.10.14-slim-bookworm AS user_guide_builder
+FROM python:3.12.5-slim-bookworm AS user_guide_builder
 
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
@@ -24,7 +24,7 @@ COPY docs/user_guide docs/user_guide
 RUN tox -e user-guide
 
 # Frontend build environment.
-FROM node:20.14.0-bookworm-slim AS frontend_builder
+FROM node:20.17.0-bookworm-slim AS frontend_builder
 WORKDIR /app
 
 # Install app dependencies.

README.md

@@ -171,7 +171,7 @@ A rapid word collection tool. See the [User Guide](https://sillsdev.github.io/Th
 
 ### Python
 
-_Python_ (3.10 recommended) is required to run the scripts that are used to initialize and maintain the cluster. Note
+_Python_ (3.12 recommended) is required to run the scripts that are used to initialize and maintain the cluster. Note
 that the commands for setting up the virtual environment must be run from the top-level directory for _The Combine_
 source tree.
 

database/Dockerfile

@@ -5,7 +5,7 @@
 #   - Intel/AMD 64-bit
 #   - ARM 64-bit
 ############################################################
-FROM mongo:7.0.12-jammy
+FROM mongo:7.0.14-jammy
 
 WORKDIR /
 

deploy/requirements.txt

@@ -1,30 +1,30 @@
 #
-# This file is autogenerated by pip-compile with Python 3.10
+# This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
 #    pip-compile requirements.in
 #
-ansible==10.2.0
+ansible==10.3.0
     # via -r requirements.in
-ansible-core==2.17.2
+ansible-core==2.17.3
     # via ansible
-cachetools==5.3.3
+cachetools==5.5.0
     # via google-auth
-certifi==2024.7.4
+certifi==2024.8.30
     # via
     #   kubernetes
     #   requests
-cffi==1.16.0
+cffi==1.17.1
     # via cryptography
 charset-normalizer==3.3.2
     # via requests
-cryptography==42.0.8
+cryptography==43.0.1
     # via
     #   ansible-core
     #   pyopenssl
-google-auth==2.32.0
+google-auth==2.34.0
     # via kubernetes
-idna==3.7
+idna==3.8
     # via requests
 jinja2==3.1.4
     # via
@@ -55,7 +55,7 @@ pyopenssl==24.2.1
     # via -r requirements.in
 python-dateutil==2.9.0.post0
     # via kubernetes
-pyyaml==6.0.1
+pyyaml==6.0.2
     # via
     #   -r requirements.in
     #   ansible-core