From 9834e48533b732b48a9d986a19028bef5ebf4381 Mon Sep 17 00:00:00 2001
From: James Brown
Date: Tue, 30 Jul 2024 10:30:35 -0700
Subject: [PATCH 1/4] Fix cookie strict Add necessary config items from ckan2.10 changelog: https://docs.ckan.org/en/2.10/changelog.html#migration-notes-2-10
---
 config/ckan.ini | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/config/ckan.ini b/config/ckan.ini
index 2c8a2a0a..1615cf53 100644
--- a/config/ckan.ini
+++ b/config/ckan.ini
@@ -37,6 +37,8 @@ beaker.session.secret = $CKAN___BEAKER__SESSION__SECRET
 beaker.session.type=ext:database
 beaker.session.cookie_expires=true
+beaker.session.secure = True
+beaker.session.samesite = Strict
 #beaker.session.url = $CKAN___BEAKER__SESSION__URL
 # 900 seconds = 15 mins
 beaker.session.timeout=900
From eb7fd9b177d0030cbd32aa65da87d717eae80c3d Mon Sep 17 00:00:00 2001
From: James Brown
Date: Thu, 1 Aug 2024 14:45:39 -0700
Subject: [PATCH 2/4] Update ckan.ini Change to lax
---
 config/ckan.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/ckan.ini b/config/ckan.ini
index 1615cf53..e3229f1b 100644
--- a/config/ckan.ini
+++ b/config/ckan.ini
@@ -38,7 +38,7 @@ beaker.session.secret = $CKAN___BEAKER__SESSION__SECRET
 beaker.session.type=ext:database
 beaker.session.cookie_expires=true
 beaker.session.secure = True
-beaker.session.samesite = Strict
+beaker.session.samesite = Lax
 #beaker.session.url = $CKAN___BEAKER__SESSION__URL
 # 900 seconds = 15 mins
 beaker.session.timeout=900
From a3c3e75b7d20d4e6bf11f81aeb22b63489783eb7 Mon Sep 17 00:00:00 2001
From: James Brown
Date: Thu, 1 Aug 2024 15:29:43 -0700
Subject: [PATCH 3/4] Update requirements.txt
---
 requirements.txt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 5dd56995..6b9ac818 100644
--- a/requirements.txt
+++ b/requirements.txt
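Review bot: In the PATCH 1/4 hunk of config/ckan.ini, `beaker.session.secure = True` is hard-coded with no comment, so any deployment of this file that is reached over plain HTTP will have the browser withhold the session cookie, and logins will fail without an obvious error. I would add a line above it such as `# Session cookie is sent over HTTPS only; requires TLS in front of the app`. The two new lines also use `key = value` and `True`, while the neighbouring `beaker.session.cookie_expires=true` uses no spaces and lower case; matching one style would keep the block easier to scan. The section these keys belong to starts above the hunk.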
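Review bot: The `beaker.session.samesite = Lax` line in the PATCH 2/4 hunk of config/ckan.ini relaxes the value set one commit earlier, and neither the file nor the commit message ("Change to lax") records why. requirements.txt pins ckanext-saml2auth, so presumably the return from the identity provider is a cross-site navigation that must carry the session cookie. If that is the reason, a comment such as `# Lax, not Strict: the SSO return navigation is cross-site and needs the session cookie` would stop someone tightening it back without testing login. With Lax the cookie still accompanies top-level cross-site GET navigations, so it is worth confirming that no state-changing route answers to GET and that CSRF protection is enabled for forms.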
@@ -5,8 +5,8 @@ Babel==2.10.3
 Beaker==1.11.0
 bleach==5.0.1
 blinker==1.5
-boto3==1.34.144
-botocore==1.34.144
+boto3==1.34.152
+botocore==1.34.152
 certifi==2024.7.4
 cffi==1.16.0
 chardet==5.2.0
@@ -19,10 +19,10 @@ ckanext-googleanalyticsbasic==0.2.1
 ckanext-s3filestore @ git+https://github.com/keitaroinc/ckanext-s3filestore.git@caf88c0352ffe7b4432d3d55ddfb0a71249ceddd
 ckanext-saml2auth @ git+https://github.com/GSA/ckanext-saml2auth.git@387cfc1c6a7619f670bf387384f2634516de5844
 ckanext-usmetadata==0.3.2
--e git+https://github.com/ckan/ckanext-xloader.git@3a865acd843bf7e2a7e2eb3c4e983816eddb6658#egg=ckanext_xloader
+-e git+https://github.com/ckan/ckanext-xloader.git@a96ce28c589dfe6b1b850d8eeeb14f1e1dfe9759#egg=ckanext_xloader
 ckantoolkit==0.0.7
 click==8.1.3
-cryptography==42.0.8
+cryptography==43.0.0
 defusedxml==0.7.1
 dominate==2.7.0
 elementpath==4.4.0
@@ -65,7 +65,7 @@ polib==1.1.1
 psycopg2==2.9.3
 pycparser==2.22
 PyJWT==2.4.0
-pyOpenSSL==24.1.0
+pyOpenSSL==24.2.1
 pyparsing==3.1.2
 pysaml2==7.3.1
 pysolr==3.9.0
@@ -75,7 +75,7 @@ pytz==2024.1
 pytz-deprecation-shim==0.1.0.post0
 PyUtilib==6.0.0
 PyYAML==6.0.1
-redis==5.0.7
+redis==5.0.8
 requests==2.32.3
 rfc3987==1.3.8
 rq==1.11.0
@@ -102,6 +102,6 @@ Werkzeug==2.0.3
 wheel==0.42.0
 WTForms==3.1.2
 xlrd==2.0.1
-xmlschema==3.3.1
+xmlschema==3.3.2
 zope.event==5.0
 zope.interface==5.4.0
From 46333cf16630e80f366588621077a1325e32c980 Mon Sep 17 00:00:00 2001
From: James Brown
Date: Thu, 1 Aug 2024 15:44:09 -0700
Subject: [PATCH 4/4] Update .snyk Update per https://github.com/GSA/data.gov/issues/4591, still no fix.
---
 .snyk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.snyk b/.snyk
index 36fcacac..370dbfdb 100644
--- a/.snyk
+++ b/.snyk
@@ -49,7 +49,7 @@ ignore:
 reason: >-
 No remediation available yet; Issue tracked in github:
 https://github.com/GSA/data.gov/issues/4591
-expires: 2024-07-31T19:29:54.032Z
+expires: 2024-08-31T19:29:54.032Z
 SNYK-PYTHON-CRYPTOGRAPHY-6592767:
 - '*':
 reason: >-
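Review bot: In the .snyk hunk of PATCH 4/4 the `expires:` line is moved forward by one month with the reason text unchanged, and the old date (2024-07-31) had already passed when the commit was made, so the ignore appears to be renewed only once it lapses. PATCH 3/4 in this series bumps cryptography to 43.0.0 and pyOpenSSL to 24.2.1, while the context lines still show an ignore entry for `SNYK-PYTHON-CRYPTOGRAPHY-6592767` with path `'*'`; it is worth re-running the scan with that entry removed to see whether it is still needed. For the renewed entry I would record the date of the last check in the reason, e.g. `No remediation available as of 2024-08-01; Issue tracked in github: ...`, so a reader can tell a deliberate renewal from a stale one. The vulnerability id that the renewed entry belongs to is above the hunk.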