From 54c8139ab1f5bd1fbe058545c1d67bc4126d6adf Mon Sep 17 00:00:00 2001 From: Andreas Maier Date: Sun, 26 Nov 2023 15:24:45 +0100 Subject: [PATCH] Addressed safety issues up to 2023-11-26 Signed-off-by: Andreas Maier --- .safety-policy.yml | 2 ++ docs/changes.rst | 2 +- minimum-constraints.txt | 6 ++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.safety-policy.yml b/.safety-policy.yml index 84e405e0..0bd4ea70 100644 --- a/.safety-policy.yml +++ b/.safety-policy.yml @@ -64,6 +64,8 @@ security: reason: Fixed urllib3 version 1.26.17 requires Python>=3.6 and is used there 61893: reason: Fixed urllib3 version 1.26.18 requires Python>=3.6 and is used there + 62044: + reason: Fixed pip version 23.3 requires Python>=3.7 and is used there # Continue with exit code 0 when vulnerabilities are found. continue-on-vulnerability-error: False diff --git a/docs/changes.rst b/docs/changes.rst index fcf409a2..5ba1f4c1 100644 --- a/docs/changes.rst +++ b/docs/changes.rst @@ -28,7 +28,7 @@ Released: not yet **Bug fixes:** -* Addressed safety issues up to 2023-11-05. +* Addressed safety issues up to 2023-11-26. **Enhancements:** diff --git a/minimum-constraints.txt b/minimum-constraints.txt index 1202e22b..2e1073ec 100644 --- a/minimum-constraints.txt +++ b/minimum-constraints.txt @@ -64,14 +64,16 @@ # pip 19.2 fixes safety issue 38765 # pip 21.1 fixes safety issues 42559,40291 pip==19.3.1; python_version == '3.5' -pip==21.2.4; python_version >= '3.6' and python_version <= '3.9' -pip==23.0.1; python_version >= '3.10' +pip==21.3.1; python_version == '3.6' +pip==23.3; python_version >= '3.7' + # setuptools 51.0.0 removed support for py35 # setuptools 59.7.0 removed support for py36 # setuptools 65.5.1 fixes safety issue 52495 setuptools==50.3.2; python_version == '3.5' setuptools==59.6.0; python_version == '3.6' setuptools==65.5.1; python_version >= '3.7' + # wheel 0.38.1 fixes safety issue 51499 wheel==0.30.0; python_version <= '3.6' wheel==0.38.1; python_version >= '3.7'