From cf3ca397bd4033fec050b0c8f3960b99ef844497 Mon Sep 17 00:00:00 2001
From: Mateusz Szczesny
Date: Mon, 4 Dec 2023 16:41:40 +0100
Subject: [PATCH] [BH-1842] Fix dependabot alerts

GitHub's dependabot suggests we might be using outdated and vulnerable python libraries. This commit updates our requirements to use more recent verions of some of the libraries.
---
 config/requirements.txt | 2 +-
 docker/assets/requirements.txt | 4 ++--
 tools/requirements.txt | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/config/requirements.txt b/config/requirements.txt
index a9bba72ce28927f1b292581e6db72b59a0715451..747d1c2208d8ac85aad8b9be9d0cf07a25516999 100644
--- a/config/requirements.txt
+++ b/config/requirements.txt
@@ -1 +1 @@
-gitpython==3.1.11
+gitpython>=3.1.41
diff --git a/docker/assets/requirements.txt b/docker/assets/requirements.txt
index 5476bceca2793cd22f307a4471cab0b8f4510fd7..5256414089326772ffc00df6c4d996fde6322223 100644
--- a/docker/assets/requirements.txt
+++ b/docker/assets/requirements.txt
@@ -3,12 +3,12 @@ dataclasses==0.6
 dataclasses_json==0.5.4
 eyed3==0.9.6
 ghapi
-gitpython==3.1.11
+gitpython>=3.1.41
 iniconfig==1.1.1
 inotify==0.2.10
 packaging==20.4
 pluggy==0.13.1
-py==1.10.0
+py<=1.11.0
 pyparsing==2.4.7
 pyserial==3.5
 pytest==6.1.2
diff --git a/tools/requirements.txt b/tools/requirements.txt
index eee05f55029c38cbe52b92ca573e344a532cdcce..8b968fe5c004b3e623e0a40c70311e395b3cb3ae 100644
--- a/tools/requirements.txt
+++ b/tools/requirements.txt
@@ -1,12 +1,12 @@
-certifi==2021.5.30
+certifi>=2023.7.22
 charset-normalizer==2.0.4
 gitdb==4.0.7
-GitPython==3.1.18
+gitpython>=3.1.41
 idna==3.2
-requests==2.26.0
+requests>=2.31.0
 smmap==4.0.0
 tqdm==4.62.2
-urllib3==1.26.6
+urllib3>=1.26.18
 ghapi
 pylink
 matplotlib
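Review bot: Replacing the exact pin with an open lower bound in config/requirements.txt (`gitpython>=3.1.41`) means each install resolves to whatever release is newest at that moment, so builds are no longer reproducible and an unreviewed or compromised upstream release would be pulled in without a change to this repository. The same switch from `==` to `>=` is made for gitpython in docker/assets/requirements.txt and for certifi, gitpython, requests and urllib3 in tools/requirements.txt. Pinning the fixed version exactly, `gitpython==3.1.41`, satisfies the alert and keeps the installed set auditable, with later bumps arriving as reviewed changes. If ranges are intended, a constraints or lock file installed with `pip install --require-hashes` would restore determinism.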
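Review bot: `py<=1.11.0` in docker/assets/requirements.txt is an upper bound, so 1.10.0 and every older release still satisfy it and the line does not enforce the upgrade the commit message describes. pip will normally select 1.11.0, but an index mirror or wheel cache that holds only an older version would still pass. The cap also prevents any later release from being installed. If the intent is to move to 1.11.0, `py==1.11.0` states that and matches the exact pins on the neighbouring lines of this hunk.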
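Review bot: `urllib3>=1.26.18` in tools/requirements.txt has no upper bound, so a fresh install will resolve to the 2.x series rather than the 1.26 line the file pinned before. That is a major-version jump with API and TLS-default changes, and nothing in this hunk shows the tools were run against it. If staying on 1.26 is intended, `urllib3>=1.26.18,<2` expresses it. `gitdb==4.0.7` and `smmap==4.0.0` also stay exact while `gitpython` now floats, so a future gitpython release with different requirements could make the resolver fail or pick an unexpected combination.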