Update utils.py

Fix CodeQL alerts #1 and #2: Secure exception handling in get_sentry and get_quiz 33,115

.github/dependabot.yml

@@ -12,10 +12,10 @@ updates:
 
   # Configuration for pip dependencies
   - package-ecosystem: 'pip'
-    directory: '/'
+    directory: '/backend'
     schedule:
       interval: 'monthly'
     open-pull-requests-limit: 10
     labels:
       - 'dependencies'
-      - 'pip'
+      - 'python'

backend/api_app/utils.py

@@ -28,9 +28,9 @@ def get_sentry():
         response.raise_for_status()
         data = response.json()
         return Response(data, status=HTTP_200_OK)
-    except ValidationError as e:
-        print(e)
-        return Response(e, status=HTTP_400_BAD_REQUEST)
+    except (requests.RequestException, json.JSONDecodeError) as e:
+        logger.error(f"Error in get_sentry: {str(e)}", exc_info=True)
+        return Response({"error": "Failed to fetch Sentry data"}, status=HTTP_400_BAD_REQUEST)
     
 
 
@@ -110,9 +110,9 @@ def get_quiz():
     print(data)
 
     return Response(data, status=HTTP_201_CREATED)
-  except ValidationError as e:
-    print(e)
-    return Response(e, status=HTTP_400_BAD_REQUEST)
+  except (json.JSONDecodeError, openai.OpenAIError) as e:
+        logger.error(f"Error in get_quiz: {str(e)}", exc_info=True)
+        return Response({"error": "Failed to generate quiz"}, status=HTTP_400_BAD_REQUEST)
 
 # ask_question()
 

backend/requirements.txt

@@ -1,28 +1,57 @@
 annotated-types==0.7.0
-anyio==4.7.0
+anyio==4.9.0
 asgiref==3.8.1
-certifi==2024.8.30
-charset-normalizer==3.4.1
-click==8.1.7
+boolean.py==5.0
+boto3==1.38.27
+botocore==1.38.27
+CacheControl==0.14.3
+certifi==2025.4.26
+charset-normalizer==3.4.2
+click==8.1.8
+cyclonedx-python-lib==10.0.1
+defusedxml==0.7.1
 distro==1.9.0
-Django==5.1.1
-django-cors-headers==4.6.0
-djangorestframework==3.15.2
+Django==5.2.1
+django-cors-headers==4.7.0
+djangorestframework==3.16.0
+exceptiongroup==1.3.0
+filelock==3.18.0
+git-filter-repo==2.47.0
 gunicorn==23.0.0
-h11==0.14.0
-httpcore==1.0.7
-httpx==0.27.2
+h11==0.16.0
+httpcore==1.0.9
+httpx==0.28.1
 idna==3.10
-openai==1.58.1
-packaging==24.1
-pydantic==2.9.2
-pydantic_core==2.27.2
-python-dotenv==1.0.1
+jiter==0.10.0
+jmespath==1.0.1
+license-expression==30.4.1
+markdown-it-py==3.0.0
+mdurl==0.1.2
+msgpack==1.1.0
+openai==1.82.1
+packageurl-python==0.16.0
+packaging==25.0
+pip-api==0.0.34
+pip-requirements-parser==32.0.1
+platformdirs==4.3.8
+psutil==7.0.0
+py-serializable==2.0.0
+pydantic==2.11.5
+pydantic_core==2.34.1
+Pygments==2.19.1
+pyparsing==3.2.3
+python-dateutil==2.9.0.post0
+python-dotenv==1.1.0
 requests==2.32.3
+rich==14.0.0
+s3transfer==0.13.0
+six==1.17.0
 sniffio==1.3.1
-sqlparse==0.5.1
+sortedcontainers==2.4.0
+sqlparse==0.5.3
+toml==0.10.2
 tqdm==4.67.1
 typing_extensions==4.12.2
-urllib3==2.2.3
+urllib3==2.4.0
 uvicorn==0.31.0
-whitenoise==6.8.2
+whitenoise==6.9.0

frontend/package.json

@@ -13,7 +13,7 @@
     "@emotion/react": "^11.11.4",
     "@emotion/styled": "^11.11.5",
     "@mui/material": "^5.15.18",
-    "axios": "^1.7.4",
+    "axios": "^1.8.2",
     "dotenv": "^16.4.5",
     "konva": "^9.3.8",
     "nvm": "^0.0.4",
@@ -25,7 +25,7 @@
   "devDependencies": {
     "@types/react": "^18.2.66",
     "@types/react-dom": "^18.2.22",
-    "@vitejs/plugin-react": "^4.2.1",
+    "@vitejs/plugin-react": "^4.5.0",
     "autoprefixer": "^10.4.19",
     "eslint": "^8.57.0",
     "eslint-plugin-react": "^7.34.1",
@@ -33,6 +33,6 @@
     "eslint-plugin-react-refresh": "^0.4.6",
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
-    "vite": "^5.4.14"
+    "vite": "^6.3.5"
   }
 }