From 4cff0fd9e41ebef0c4cbdd33dc20220146a9cda4 Mon Sep 17 00:00:00 2001
From: Andreas Maier
Date: Sun, 5 Nov 2023 14:38:08 +0100
Subject: [PATCH] Addressed safety issues up to 2023-11-05
Signed-off-by: Andreas Maier
---
 .safety-policy.yml | 2 ++
 docs/changes.rst | 2 ++
 minimum-constraints.txt | 3 ++-
 requirements.txt | 4 +++-
 4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/.safety-policy.yml b/.safety-policy.yml
index 330b1a90..ec27b9ff 100644
--- a/.safety-policy.yml
+++ b/.safety-policy.yml
@@ -72,6 +72,8 @@ security:
 reason: Fixed GitPython version 3.1.33 requires Python>=3.7 and is used there
 60841:
 reason: Fixed GitPython version 3.1.35 requires Python>=3.7 and is used there
+ 61601:
+ reason: Fixed urllib3 version 1.26.17 requires Python>=3.6 and is used there
 # Continue with exit code 0 when vulnerabilities are found.
 continue-on-vulnerability-error: False
diff --git a/docs/changes.rst b/docs/changes.rst
index 44595a5a..20676136 100644
--- a/docs/changes.rst
+++ b/docs/changes.rst
@@ -31,6 +31,8 @@ Released: not yet
 **Bug fixes:**
+* Addressed safety issues up to 2023-11-05.
+
 **Enhancements:**
 **Cleanup:**
diff --git a/minimum-constraints.txt b/minimum-constraints.txt
index b5b5193b..9f44571f 100644
--- a/minimum-constraints.txt
+++ b/minimum-constraints.txt
@@ -133,7 +133,8 @@ jsonschema==3.0.1
 yamlloader==0.5.5
 # urllib3 is used to disable warnings
-urllib3==1.26.5
+urllib3==1.26.9; python_version == '3.5'
+urllib3==1.26.17; python_version >= '3.6'
 pyrsistent==0.15.1
diff --git a/requirements.txt b/requirements.txt
index e97c4c56..765b3332 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -54,7 +54,9 @@ jsonschema>=3.0.1
 yamlloader>=0.5.5
 # urllib3 is used to disable warnings
-urllib3>=1.26.5 # MIT
+# urllib3 1.26.10 removed support for py35
+urllib3>=1.26.9; python_version == '3.5'
+urllib3>=1.26.17; python_version >= '3.6'
 # Indirect dependencies (commented out, only listed to document their license):
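Review bot: The new `61601:` ignore entry in `.safety-policy.yml` is not scoped to an interpreter, so it suppresses this advisory on every Python version, not only on 3.5 where the other hunks keep urllib3 at 1.26.9; if the pin on Python >= 3.6 ever regresses below 1.26.17, the scan will presumably stay silent for this ID. The entry also has no end date; if the Safety version in use supports it, add `expires: 'YYYY-MM-DD'` (placeholder date) under `61601:` so the exception is revisited rather than kept indefinitely. The reason text would be easier to audit if it named the interpreter that stays exposed, e.g. `reason: Fixed urllib3 version 1.26.17 requires Python>=3.6; Python 3.5 remains on 1.26.9`. The mapping that holds these entries starts outside the hunk, so its key name is not visible here.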
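Review bot: In the `requirements.txt` hunk the two replacement `urllib3` lines drop the `# MIT` license tag that the removed line carried, although the file appears to document licenses per dependency; keep it on both, e.g. `urllib3>=1.26.17; python_version >= '3.6'  # MIT`. On Python 3.5 the floor stays at 1.26.9, which by this commit's own policy entry predates the fixed 1.26.17, so that interpreter keeps the vulnerable range for advisory 61601. A short comment next to the 3.5 line, such as `# py35 cannot get the fix for safety issue 61601 (needs urllib3>=1.26.17)`, would make the accepted risk visible where the pin lives. The same marker split in the `minimum-constraints.txt` hunk has the same residual exposure.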