Updated files and patched dependencies

.flake8

@@ -2,5 +2,18 @@
 per-file-ignores =
     */steps/*.py: F811
 
+# Ignore multiple error codes that are either false positives or legacy code style
+# E231: missing whitespace after ':' (false positives with URLs and f-strings)
+# E126: continuation line over-indented for hanging indent
+# E223: tab before operator
+# E226: missing whitespace around arithmetic operator
+# E241: multiple spaces after ','
+# E272: multiple spaces before keyword
+# E702: multiple statements on one line (semicolon)
+# W503: line break before binary operator (conflicts with W504)
+# W504: line break after binary operator (conflicts with W503)
+# N818: exception name should be named with an Error suffix
+ignore = E231,E126,E223,E226,E241,E272,E702,W503,W504,N818
+
 # Set the maximum length that any line (with some exceptions) may be.
 max-line-length = 120

.pre-commit-config.yaml

@@ -30,12 +30,14 @@ repos:
     rev: v2.4.0
     hooks:
     -   id: add-trailing-comma
+        exclude: detect_secrets_stream/notification/tests/org_set_controller_test.py
 -   repo: https://github.com/pre-commit/mirrors-autopep8
     rev: v2.0.0
     hooks:
     -   id: autopep8
+        language_version: python3.12
 -   repo: https://github.com/ibm/detect-secrets
-    rev: 0.13.1+ibm.55.dss
+    rev: 0.13.1+ibm.64.dss
     hooks:
     -   id: detect-secrets # pragma: whitelist secret
         args: [--baseline, .secrets.baseline, --use-all-plugins, --no-keyword-scan ]

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$|^secret|^Pipfile.lock$|^kustomize_envs/.*/secret",
     "lines": null
   },
-  "generated_at": "2022-12-13T17:56:28Z",
+  "generated_at": "2025-11-19T22:50:30Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -139,7 +139,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.55.dss",
+  "version": "0.13.1+ibm.64.dss",
   "word_list": {
     "file": null,
     "hash": null

.travis.yml

@@ -1,7 +1,7 @@
 os: linux
 language: python
 python:
-  - "3.9.18" # Matches version in Dockerfiles/Dockerfile.dss
+  - "3.12.12" # Matches version in Dockerfiles/Dockerfile.dss
 dist: focal
 services:
   - docker

Dockerfiles/Dockerfile.dss

@@ -1,31 +1,36 @@
 # Stage 1, create base
 # Reference from https://github.com/pypa/pipenv/issues/3160#issuecomment-510951442
 
-FROM python:3.9.18-slim AS base
+FROM python:3.12-slim AS base
 
 ENV PYROOT /pyroot
 ENV PYTHONUSERBASE $PYROOT
 ENV PATH $PATH:$PYROOT/bin
 
-RUN pip install pip==23.3
-RUN pip install setuptools==76.0.0
+RUN pip install pip==25.3
+RUN pip install setuptools==78.1.1
 
 RUN apt-get update && \
     apt-get upgrade -y && \
     apt-get install -y \
     # required tool
     git \
     # Required for compiling ibm-db package
-    build-essential libxml2 && \
+    build-essential libxml2 \
+    # Required for compiling gevent
+    python3-dev libev-dev libc-ares-dev && \
     apt-get clean && \
     apt-get autoclean
 
 # Stage 2
 FROM base AS builder
-# lock pipenv version due to https://github.com/pypa/pipenv/issues/4273
-RUN pip install pipenv==2018.11.26
+# Use newer pipenv version that works with modern Python packages
+RUN pip install pipenv==2024.4.0
 COPY Pipfile* ./
 RUN PIP_USER=1 PIP_IGNORE_INSTALLED=1 pipenv install --system --deploy --ignore-pipfile
+# Explicitly install packages that are sometimes skipped by pipenv
+# Use same PIP_USER=1 environment variable to install to /pyroot
+RUN PIP_USER=1 PIP_IGNORE_INSTALLED=1 pip install certifi==2024.12.14 typing-extensions==4.12.2 packaging==24.2 zope.interface==7.2 zope.event==5.0
 # Stage 3
 FROM base
 

Makefile

@@ -86,7 +86,7 @@ setup-deploy-tools:
 .PHONY: setup
 setup: setup-trivy setup-cosign setup-deploy-tools
 	pip install --upgrade pip
-	pip install "setuptools>=65.5.1" pipenv
+	pip install "setuptools>=65.5.1" "pipenv==2024.4.0"
 	PIP_IGNORE_INSTALLED=1 pipenv install --dev --deploy --ignore-pipfile
 
 	# download and install a few ibm cloud cli tools
@@ -192,7 +192,7 @@ quality-images:
 	# Aggregate return code to allow scan all images before existing
 	rc=0;                                                                       \
 	for image in $(shell skaffold build -q --dry-run | jq -r .builds[].tag); do \
-		$(TRIVY) image --exit-code 1 --skip-dirs "/pyroot/lib/python3.9/site-packages" --ignore-unfixed $${image};                \
+		$(TRIVY) image --exit-code 1 --skip-dirs "/pyroot/lib/python3.12/site-packages" --ignore-unfixed $${image};                \
 		rc=$$((rc+$$?));                                                        \
 	done;                                                                       \
 	exit $${rc}

Pipfile

@@ -4,39 +4,44 @@ url = "https://pypi.org/simple"
 verify_ssl = true
 
 [dev-packages]
-pytest = "==8.1.1"
-responses = "==0.20.0"
-mock = "==4.0.3"
+pytest = "==8.3.4"
+responses = "==0.25.3"
+mock = "==5.1.0"
 unittest2 = "==1.1.0"
-pre-commit = "==3.7.0"
-flake8 = "==4.0.1"
-autopep8 = "==1.6.0"
-pipenv = "==2023.12.1"
-pep8-naming = "==0.12.1"
-pytest-cov = "==3.0.0"
+pre-commit = "==4.0.1"
+flake8 = "==7.1.1"
+autopep8 = "==2.3.1"
+pipenv = "==2024.4.0"
+pep8-naming = "==0.14.1"
+pytest-cov = "==6.0.0"
 
 [packages]
 logmatic-python = "==0.1.7"
-confluent-kafka = "==2.5.0"
+confluent-kafka = "==2.6.1"
 jaeger-client = "==4.8.0"
-prometheus-client = "==0.14.0"
-psycopg2-binary = "==2.9.3"
-click = "==8.1.2"
-flask = "==2.2.5"
-backoff = "==1.11.1"
-boxsdk = {extras = ["jwt"],version = "==3.2.0"}
-cryptography = "==43.0.1"
-hvac = "==0.11.2"
+prometheus-client = "==0.21.1"
+psycopg2-binary = "==2.9.10"
+click = "==8.1.8"
+flask = "==3.1.1"
+backoff = "==2.2.1"
+boxsdk = {extras = ["jwt"],version = "==3.12.0"}
+cryptography = "==44.0.1"
+hvac = "==2.3.0"
 asyncio = "==3.4.3"
-requests = "==2.32.3"
-gunicorn = "==22.0.0"
-gevent = "==23.9.1"
-pyjwt = "==2.5.0"
-ibm-db = "==3.2.6"
-detect-secrets = {ref = "0.13.1+ibm.62.dss", git = "https://github.com/ibm/detect-secrets.git"}
-pytest = "==8.1.1"
-Werkzeug = "== 3.0.6"
-pre-commit = "==3.7.0"
+requests = "==2.32.5"
+certifi = "==2024.12.14"
+typing-extensions = "==4.12.2"
+packaging = "==24.2"
+gunicorn = "==23.0.0"
+gevent = "==24.11.1"
+zope.interface = "==7.2"
+zope.event = "==5.0"
+pyjwt = "==2.10.1"
+ibm-db = "==3.2.7"
+detect-secrets = {ref = "0.13.1+ibm.64.dss", git = "https://github.com/ibm/detect-secrets.git"}
+pytest = "==8.3.4"
+Werkzeug = "==3.1.5"
+pre-commit = "==4.0.1"
 
 [requires]
-python_version = "3.9"
+python_version = "3.12"