From f90bf485c786671e1408eab26dc70aba93f67704 Mon Sep 17 00:00:00 2001
From: Andreas Maier
Date: Sun, 26 Nov 2023 15:51:56 +0100
Subject: [PATCH] Addressed safety issues up to 2023-11-26

Signed-off-by: Andreas Maier
---
 .safety-policy.yml | 2 ++
 docs/changes.rst | 2 +-
 minimum-constraints.txt | 6 +++---
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.safety-policy.yml b/.safety-policy.yml
index 893bf38d..264487f4 100644
--- a/.safety-policy.yml
+++ b/.safety-policy.yml
@@ -44,6 +44,8 @@ security:
 reason: Fixed GitPython version 3.1.33 requires Python>=3.7 and is used there
 60841:
 reason: Fixed GitPython version 3.1.35 requires Python>=3.7 and is used there
+ 62044:
+ reason: Fixed pip version 23.3 requires Python>=3.7 and is used there
 # Continue with exit code 0 when vulnerabilities are found.
 continue-on-vulnerability-error: False
diff --git a/docs/changes.rst b/docs/changes.rst
index 1619fbec..ba6873cc 100644
--- a/docs/changes.rst
+++ b/docs/changes.rst
@@ -40,7 +40,7 @@ Released: not yet
 **Bug fixes:**
-* Addressed safety issues up to 2023-11-05.
+* Addressed safety issues up to 2023-11-26.
 * Fixed missing 'CPC' argument in "zhmc cpc upgrade" command. (issue #487).
diff --git a/minimum-constraints.txt b/minimum-constraints.txt
index 7e28c441..b7cca586 100644
--- a/minimum-constraints.txt
+++ b/minimum-constraints.txt
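Review bot: The new ignore for 62044 in .safety-policy.yml applies to every Python version the scan runs on, while its stated reason only holds for Python 3.6, where minimum-constraints.txt in this same patch pins `pip==21.3.1`. On Python 3.7 and later, a pip that slips below 23.3 would presumably no longer be reported, because the ID is suppressed globally. The entry also has no end date; Safety's policy file accepts an `expires` key per ignored ID, so adding `expires: '<date Python 3.6 support is dropped>'` under 62044 would force a re-review instead of leaving a permanent suppression. Naming the version that stays affected would make the entry self-explanatory, e.g. `reason: Fixed pip version 23.3 requires Python>=3.7; Python 3.6 stays on pip 21.3.1`.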
@@ -25,9 +25,9 @@
 # pip 18.1 supports PEP-508 URLs, so the deprecated dependency_links no longer needs to be used.
 # Pip 20.2 introduced a new resolver whose backtracking had issues that were resolved only in 21.2.2.
 # pip>=21.0 is needed for the cryptography package on Windows on GitHub Actions.
-pip==21.2.4; python_version >= '3.6' and python_version <= '3.9'
-pip==23.0.1; python_version >= '3.10' and python_version <= '3.11'
-pip==23.2.0; python_version >= '3.12'
+pip==21.3.1; python_version == '3.6'
+pip==23.3; python_version >= '3.7'
+
 # setuptools 59.7.0 removed support for py36
 setuptools==59.6.0; python_version == '3.6'
 setuptools==65.5.1; python_version >= '3.7' and python_version <= '3.11'