Update requirements

apiserver/requirements.txt

@@ -2,31 +2,30 @@ attrs>=22.1.0,<23
 azure-storage-blob>=12.13.1
 bcrypt>=3.1.4
 boltons>=19.1.0
-boto3==1.14.13
-boto3-stubs[s3]>=1.24.35
+boto3>=1.26
+boto3-stubs[s3]>=1.26
 clearml>=1.10.3
 dpath>=1.4.2,<2.0
-elasticsearch==7.13.3
+elasticsearch==7.17.9
 fastjsonschema>=2.8
 flask-compress>=1.4.0
 flask-cors>=3.0.5
-flask>=0.12.2
+flask>=2.3.2
 furl>=2.0.0
 google-cloud-storage>=2.8.0
 gunicorn>=20.1.0
 humanfriendly>=4.17
-jinja2<3.0
+jinja2
 jsonmodels>=2.3
 jsonschema>=2.6.0
 luqum>=0.10.0
-markupsafe==2.0.1
-mongoengine==0.24.2
+mongoengine==0.27.0
 nested_dict>=1.61
 packaging==20.3
 psutil>=5.6.5
 pyhocon>=0.3.35r
 pyjwt>=2.4.0
-pymongo[srv]==4.1.1
+pymongo[srv]==4.4.0
 python-rapidjson>=0.6.3
 redis>=4.5.4,<5
 requests>=2.13.0
@@ -34,3 +33,4 @@ semantic_version>=2.8.3,<3
 setuptools>=65.5.1
 six
 validators>=0.12.4
+urllib3>=1.26.16

apiserver/server_init/app_sequence.py

@@ -46,7 +46,6 @@ class AppSequence:
         self._attach_request_handlers(request_handlers)
 
     def _attach_request_handlers(self, request_handlers: RequestHandlers):
-        self.app.before_first_request(request_handlers.before_app_first_request)
         self.app.before_request(request_handlers.before_request)
         self.app.after_request(request_handlers.after_request)
 

apiserver/server_init/request_handlers.py

@@ -1,10 +1,10 @@
 import unicodedata
+import urllib.parse
 from functools import partial
 
 from flask import request, Response, redirect
 from werkzeug.datastructures import ImmutableMultiDict
 from werkzeug.exceptions import BadRequest
-from werkzeug.urls import url_quote
 
 from apiserver.apierrors import APIError
 from apiserver.apierrors.base import BaseError
@@ -22,9 +22,6 @@ class RequestHandlers:
     _request_strip_prefix = config.get("apiserver.request.strip_prefix", None)
     _server_header = config.get("apiserver.response.headers.server", "clearml")
 
-    def before_app_first_request(self):
-        pass
-
     def before_request(self):
         if request.method == "OPTIONS":
             return "", 200
@@ -52,7 +49,7 @@ class RequestHandlers:
                         simple = unicodedata.normalize("NFKD", call.result.filename)
                         simple = simple.encode("ascii", "ignore").decode("ascii")
                         # safe = RFC 5987 attr-char
-                        quoted = url_quote(call.result.filename, safe="")
+                        quoted = urllib.parse.quote(call.result.filename, safe="")
                         filenames = f"filename={simple}; filename*=UTF-8''{quoted}"
                     else:
                         filenames = f"filename={call.result.filename}"

fileserver/fileserver.py

@@ -3,6 +3,7 @@ import json
 import mimetypes
 import os
 import shutil
+import urllib.parse
 from argparse import ArgumentParser
 from collections import defaultdict
 from pathlib import Path
@@ -13,7 +14,6 @@ from flask_compress import Compress
 from flask_cors import CORS
 from werkzeug.exceptions import NotFound
 from werkzeug.security import safe_join
-from werkzeug.urls import url_unquote_plus
 
 from config import config
 from utils import get_env_bool
@@ -133,7 +133,7 @@ def batch_delete():
         log_errors[msg].append(str(path_))
 
     for file in files:
-        path = url_unquote_plus(file)
+        path = urllib.parse.unquote_plus(file)
         if not path or not path.strip("/"):
             # empty path may result in deleting all company data. Too dangerous
             record_error("Empty path not allowed", file, path)

fileserver/requirements.txt

@@ -1,9 +1,7 @@
 boltons>=19.1.0
 flask-compress>=1.4.0
 flask-cors>=3.0.5
-flask>=0.12.2
+flask>=2.3.2
 gunicorn>=20.1.0
-markupsafe==2.0.1
 pyhocon>=0.3.35
 setuptools>=65.5.1
-