~aleteoryx/muditaos: [BH-1842] Fix dependabot alerts

cf3ca397bd4033fec050b0c8f3960b99ef844497 — Mateusz Szczesny 2 years ago 048dd61

[BH-1842] Fix dependabot alerts

GitHub's dependabot suggests we might be using outdated
and vulnerable python libraries. This commit updates our
requirements to use more recent verions of some of the
libraries.

patch browse .tar.gz

3 files changed, 7 insertions(+), 7 deletions(-)

M config/requirements.txt
M docker/assets/requirements.txt
M tools/requirements.txt

M config/requirements.txt => config/requirements.txt +1 -1

@@ 1,1 1,1 @@
-gitpython==3.1.11
+gitpython>=3.1.41

M docker/assets/requirements.txt => docker/assets/requirements.txt +2 -2

@@ 3,12 3,12 @@ dataclasses==0.6
 dataclasses_json==0.5.4
 eyed3==0.9.6
 ghapi
-gitpython==3.1.11
+gitpython>=3.1.41
 iniconfig==1.1.1
 inotify==0.2.10
 packaging==20.4
 pluggy==0.13.1
-py==1.10.0
+py<=1.11.0
 pyparsing==2.4.7
 pyserial==3.5
 pytest==6.1.2

M tools/requirements.txt => tools/requirements.txt +4 -4

@@ 1,12 1,12 @@
-certifi==2021.5.30
+certifi>=2023.7.22
 charset-normalizer==2.0.4
 gitdb==4.0.7
-GitPython==3.1.18
+gitpython>=3.1.41
 idna==3.2
-requests==2.26.0
+requests>=2.31.0
 smmap==4.0.0
 tqdm==4.62.2
-urllib3==1.26.6
+urllib3>=1.26.18
 ghapi
 pylink
 matplotlib