Dev: Fixed safety issues up to 2024-06-02

Signed-off-by: Andreas Maier <andreas.r.maier@gmx.de>
pywbem · Jun 2, 2024 · c6c7aca · c6c7aca
1 parent 9d3d09a
commit c6c7aca
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 5 deletions.
diff --git a/.safety-policy.yml b/.safety-policy.yml
@@ -48,6 +48,10 @@ security:
             reason: Fixed jinja2 version 3.1.3 requires Python>=3.7 and is used there
         63687:
             reason: Fixed gitpython version 3.1.41 requires Python>=3.7 and is used there
+        68477:
+            reason: Fixed virtualenv version 20.21.0 requires Python>=3.7 and is used on Python>=3.8
+        70612:
+            reason: Disputed issue in jinja2 version 3.1.3 - No known fix
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False
diff --git a/docs/changes.rst b/docs/changes.rst
@@ -16,6 +16,8 @@ Released: not yet
 
 **Bug fixes:**
 
+* Dev: Fixed safety issues up to 2024-06-02.
+
 **Enhancements:**
 
 **Cleanup:**

diff --git a/minimum-constraints.txt b/minimum-constraints.txt
@@ -44,8 +44,8 @@ pytest==7.0.0
 # Install test direct dependencies:
 
 # virtualenv
-virtualenv==20.2.1; python_version <= '3.11'
-virtualenv==20.23.0; python_version >= '3.12'
+virtualenv==20.2.1; python_version <= '3.7'
+virtualenv==20.23.0; python_version >= '3.8'
 
 # Indirect dependencies for test (must be consistent with test-requirements.txt, if present)
 
@@ -180,7 +180,8 @@ docopt==0.6.1
 filelock==3.2.0; python_version <= '3.11'
 filelock==3.11.0; python_version >= "3.12"
 gitdb==4.0.1
-idna==2.5
+# idna>3 requires using requests >=2.26.0
+idna==3.7
 imagesize==0.7.1
 Jinja2==3.0.0; python_version == '3.6'
 Jinja2==3.1.3; python_version >= '3.7'
@@ -195,7 +196,7 @@ python-dateutil==2.6.0
 pyzmq==16.0.4; python_version <= '3.11'
 pyzmq==25.1.1; python_version >= '3.12'
 qtconsole==4.2.1
-requests==2.25.0; python_version == '3.6'
+requests==2.26.0; python_version == '3.6'
 requests==2.31.0; python_version >= '3.7'
 requests-toolbelt==0.8.0
 rfc3986==1.3.0

diff --git a/test-requirements.txt b/test-requirements.txt
@@ -22,7 +22,7 @@ pytest>=7.0.0
 # virtualenv 20.2.1 started removing the prior pinning of importlib-metadata to <3
 # tox 3.21.0 requires virtualenv!=20.0.[0-7],>=16.0.0 and requires Python >=3.5
 virtualenv>=20.2.1,<20.16.3; python_version <= '3.7'
-virtualenv>=20.2.1; python_version >= '3.8'
+virtualenv>=20.23.0; python_version >= '3.8'
 
 
 # Indirect dependencies with special constraints: