From 66c5b9c927aa73a4a421728683993847f79e2711 Mon Sep 17 00:00:00 2001
From: Magdy Saleh <17618143+magdyksaleh@users.noreply.github.com>
Date: Wed, 18 Sep 2024 16:30:17 -0400
Subject: [PATCH] Fix dependencies to address high urgency dependabot alerts (#612)
---
 Cargo.lock | 18 +++++++++++-------
 Cargo.toml | 1 +
 clients/python/pyproject.toml | 3 ++-
 router/Cargo.toml | 2 ++
 router/client/Cargo.toml | 2 ++
 5 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index bcc9b7007..cb7b122ea 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1531,6 +1531,7 @@ dependencies = [
 "prost",
 "prost-build",
 "regex",
+ "rustls 0.22.4",
 "thiserror",
 "tokenizers",
 "tokio",
@@ -1538,6 +1539,7 @@ dependencies = [
 "tonic-build",
 "tower",
 "tracing",
+ "webpki",
 ]
 [[package]]
@@ -1586,6 +1588,7 @@ dependencies = [
 "reqwest",
 "reqwest-middleware",
 "reqwest-retry",
+ "rustls 0.22.4",
 "serde",
 "serde_json",
 "slotmap",
@@ -1599,6 +1602,7 @@ dependencies = [
 "utoipa",
 "utoipa-swagger-ui",
 "vergen",
+ "webpki",
 ]
 [[package]]
@@ -2942,9 +2946,9 @@ dependencies = [
 [[package]]
 name = "rustls"
-version = "0.22.2"
+version = "0.22.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41"
+checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432"
 dependencies = [
 "log",
 "ring 0.17.8",
@@ -3946,7 +3950,7 @@ dependencies = [
 "log",
 "native-tls",
 "once_cell",
- "rustls 0.22.2",
+ "rustls 0.22.4",
 "rustls-pki-types",
 "rustls-webpki",
 "serde",
@@ -4189,12 +4193,12 @@ dependencies = [
 [[package]]
 name = "webpki"
-version = "0.22.0"
+version = "0.22.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
+checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53"
 dependencies = [
- "ring 0.16.20",
- "untrusted 0.7.1",
+ "ring 0.17.8",
+ "untrusted 0.9.0",
 ]
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 95835706b..3b5e6b7ac 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,6 +12,7 @@ edition = "2021"
 authors = ["Predibase", "Olivier Dehaene"]
 homepage = "https://github.com/predibase/lorax"
+
 [profile.release]
 debug = 1
 incremental = true
diff --git a/clients/python/pyproject.toml b/clients/python/pyproject.toml
index b65da9cb7..1a09bc322 100644
--- a/clients/python/pyproject.toml
+++ b/clients/python/pyproject.toml
@@ -18,9 +18,10 @@ python = "^3.8"
 pydantic = "> 2, < 3"
 aiohttp = "^3.9"
 huggingface-hub = ">= 0.12, < 1.0"
+certifi = "2024.7.4"
 [tool.poetry.dev-dependencies]
-pytest = "^6.2.5"
+pytest = "^7.3.0"
 pytest-asyncio = "^0.17.2"
 pytest-cov = "^3.0.0"
diff --git a/router/Cargo.toml b/router/Cargo.toml
index 55335124d..38b9f1c44 100644
--- a/router/Cargo.toml
+++ b/router/Cargo.toml
@@ -58,6 +58,8 @@ async-trait = "0.1.80"
 minijinja = { version = "2.0.2" }
 minijinja-contrib = { version = "2.0.2", features = ["pycompat"] }
 image = "0.25.1"
+rustls = "0.22.4"
+webpki = "0.22.2"
 base64 = "0.22.0"
 [build-dependencies]
diff --git a/router/client/Cargo.toml b/router/client/Cargo.toml
index 10b247312..8f2f8d122 100644
--- a/router/client/Cargo.toml
+++ b/router/client/Cargo.toml
@@ -17,6 +17,8 @@ tower = "^0.4"
 tracing = "^0.1"
 regex = "1.5.4"
 base64 = "0.22.0"
+rustls = "0.22.4"
+webpki = "0.22.2"
 [build-dependencies]
 tonic-build = "0.9.2"
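Review bot: `certifi = "2024.7.4"` in clients/python/pyproject.toml is an exact pin, so everyone installing this client is held on that one CA bundle and cannot pick up later certifi releases that drop distrusted roots. The line sits above `[tool.poetry.dev-dependencies]`, so it appears to be a runtime dependency of the published client; the table header itself is outside the hunk. An exact pin in a library can also make the resolver conflict with other packages that require a newer certifi. A lower bound keeps the fix without freezing the trust store: `certifi = ">=2024.7.4"`.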
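Review bot: The added `rustls = "0.22.4"` and `webpki = "0.22.2"` lines in router/Cargo.toml carry no comment, and they appear to exist only to raise the version floor of transitive TLS crates rather than because the router calls them. A later unused-dependency cleanup is then likely to delete them and let the resolver fall back, so add a line above them such as `# security floor for transitive TLS crates (dependabot); not imported directly`. The same applies to the identical pair added in router/client/Cargo.toml. The lockfile records these as `rustls 0.22.4` with a version qualifier, which suggests a second rustls version is still in the graph that these floors do not constrain; `cargo tree -d` would show whether that one needs its own bump.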