From 8806ca74a34762eee854abfff9ebc0e62ee84b71 Mon Sep 17 00:00:00 2001
From: nickumia-reisys <datagovhelp@gsa.gov>
Date: Thu, 6 Feb 2025 12:05:55 +0000
Subject: [PATCH] Update Pip Requirements

fix snyk similar to catalog
---
 .github/workflows/snyk.yml |  6 ++----
 requirements.in.txt        |  2 +-
 requirements.txt           | 16 ++++++++--------
 3 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 748484b3..66b68809 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -61,15 +61,13 @@ jobs:
           # Fail so that PR is created
           exit 1
       - name: Create Pull Request
-        if: ${{ failure() && github.event_name == 'schedule' }}
+        if: ${{ failure() }}
         id: scpr
         uses: peter-evans/create-pull-request@v7
         with:
-          token: ${{ secrets.ADD_TO_PROJECT_PAT }}
           commit-message: Update Pip Requirements
-          committer: Data.gov Github <datagovhelp@gsa.gov>
-          author: ${{ github.actor }} <datagovhelp@gsa.gov>
           signoff: false
+          sign-commits: true
           branch: requirement-patches
           delete-branch: true
           title: '[Snyk + GH Actions] Update requirements'
diff --git a/requirements.in.txt b/requirements.in.txt
index fa5a592d..7e556ab6 100644
--- a/requirements.in.txt
+++ b/requirements.in.txt
@@ -84,7 +84,6 @@ wheel==0.42.0
 # avoid ImportError error https://github.com/GSA/data.gov/issues/4396
 importlib-resources<6.0
 cryptography>42.0.4
-pip>=23.3
 jinja2>=3.1.5
 
 # fix for https://security.snyk.io/vuln/SNYK-PYTHON-GEVENT-8320934
@@ -107,3 +106,4 @@ MarkupSafe==2.*
 
 # avoid conflic dependencies issue
 greenlet>=3.1.1
+pip>=25.0
diff --git a/requirements.txt b/requirements.txt
index 546a592e..acef085c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,9 +5,9 @@ Babel==2.10.3
 Beaker==1.11.0
 bleach==5.0.1
 blinker==1.5
-boto3==1.36.7
-botocore==1.36.7
-certifi==2024.12.14
+boto3==1.36.14
+botocore==1.36.14
+certifi==2025.1.31
 cffi==1.17.1
 chardet==5.2.0
 charset-normalizer==3.4.1
@@ -17,7 +17,7 @@ ckanext-dcat-usmetadata==0.6.0
 ckanext-envvars==0.0.6
 ckanext-s3filestore @ git+https://github.com/keitaroinc/ckanext-s3filestore.git@caf88c0352ffe7b4432d3d55ddfb0a71249ceddd
 ckanext-saml2auth @ git+https://github.com/GSA/ckanext-saml2auth.git@387cfc1c6a7619f670bf387384f2634516de5844
-ckanext-usmetadata==0.3.2
+ckanext-usmetadata==0.3.3
 -e git+https://github.com/ckan/ckanext-xloader.git@11eb3e64867ac9aa3cab95236e3eed520f601012#egg=ckanext_xloader
 ckantoolkit==0.0.7
 click==8.1.3
@@ -47,19 +47,19 @@ jsonlines==4.0.0
 jsonschema==2.4.0
 linear-tsv==1.1.0
 lxml==4.9.1
-Mako==1.3.8
+Mako==1.3.9
 Markdown==3.4.1
 MarkupSafe==2.0.1
 messytables==0.15.2
 mypy==1.10.1
 mypy-extensions==1.0.0
-newrelic==10.4.0
+newrelic==10.5.0
 nose==1.3.7
 openpyxl==3.1.5
 packaging==24.1
 passlib==1.7.4
 pika==1.3.2
-pip==24.3.1
+pip==25.0
 polib==1.1.1
 psycopg2==2.9.3
 pycparser==2.22
@@ -70,7 +70,7 @@ pysaml2==7.3.1
 pysolr==3.9.0
 python-dateutil==2.8.2
 python-magic==0.4.27
-pytz==2024.2
+pytz==2025.1
 pytz-deprecation-shim==0.1.0.post0
 PyUtilib==6.0.0
 PyYAML==6.0.1