From c6c7acaa03dd3441f2eb67ba323b04bed3bbef64 Mon Sep 17 00:00:00 2001
From: Andreas Maier
Date: Sun, 2 Jun 2024 09:19:32 +0200
Subject: [PATCH] Dev: Fixed safety issues up to 2024-06-02
Signed-off-by: Andreas Maier
---
 .safety-policy.yml | 4 ++++
 docs/changes.rst | 2 ++
 minimum-constraints.txt | 9 +++++----
 test-requirements.txt | 2 +-
 4 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/.safety-policy.yml b/.safety-policy.yml
index a9f2b4b..1714370 100644
--- a/.safety-policy.yml
+++ b/.safety-policy.yml
@@ -48,6 +48,10 @@ security:
 reason: Fixed jinja2 version 3.1.3 requires Python>=3.7 and is used there
 63687:
 reason: Fixed gitpython version 3.1.41 requires Python>=3.7 and is used there
+ 68477:
+ reason: Fixed virtualenv version 20.21.0 requires Python>=3.7 and is used on Python>=3.8
+ 70612:
+ reason: Disputed issue in jinja2 version 3.1.3 - No known fix
 # Continue with exit code 0 when vulnerabilities are found.
 continue-on-vulnerability-error: False
diff --git a/docs/changes.rst b/docs/changes.rst
index bda3a0c..81db776 100644
--- a/docs/changes.rst
+++ b/docs/changes.rst
@@ -16,6 +16,8 @@ Released: not yet
 **Bug fixes:**
+* Dev: Fixed safety issues up to 2024-06-02.
+
 **Enhancements:**
 **Cleanup:**
diff --git a/minimum-constraints.txt b/minimum-constraints.txt
index d114475..d0b621c 100644
--- a/minimum-constraints.txt
+++ b/minimum-constraints.txt
@@ -44,8 +44,8 @@ pytest==7.0.0
 # Install test direct dependencies:
 # virtualenv
-virtualenv==20.2.1; python_version <= '3.11'
-virtualenv==20.23.0; python_version >= '3.12'
+virtualenv==20.2.1; python_version <= '3.7'
+virtualenv==20.23.0; python_version >= '3.8'
 # Indirect dependencies for test (must be consistent with test-requirements.txt, if present)
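Review bot: The two ignore entries added in the `.safety-policy.yml` hunk (68477 and 70612) have no expiry, so once merged they are never re-evaluated. This matters most for 70612, whose only justification is "No known fix", a state that can change. Consider adding an `expires:` key next to each `reason:`, for example `expires: '<YYYY-MM-DD placeholder>'`, so the scan fails again when the ignore lapses and someone has to re-check. The 68477 reason says the fixed virtualenv is used on Python>=3.8, yet the ignore applies to every environment scanned while `minimum-constraints.txt` still pins `virtualenv==20.2.1` for `python_version <= '3.7'`; stating that remaining exposure in the reason text would make the accepted risk explicit.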
@@ -180,7 +180,8 @@ docopt==0.6.1
 filelock==3.2.0; python_version <= '3.11'
 filelock==3.11.0; python_version >= "3.12"
 gitdb==4.0.1
-idna==2.5
+# idna>3 requires using requests >=2.26.0
+idna==3.7
 imagesize==0.7.1
 Jinja2==3.0.0; python_version == '3.6'
 Jinja2==3.1.3; python_version >= '3.7'
@@ -195,7 +196,7 @@ python-dateutil==2.6.0
 pyzmq==16.0.4; python_version <= '3.11'
 pyzmq==25.1.1; python_version >= '3.12'
 qtconsole==4.2.1
-requests==2.25.0; python_version == '3.6'
+requests==2.26.0; python_version == '3.6'
 requests==2.31.0; python_version >= '3.7'
 requests-toolbelt==0.8.0
 rfc3986==1.3.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 02a5e1e..986322d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -22,7 +22,7 @@ pytest>=7.0.0
 # virtualenv 20.2.1 started removing the prior pinning of importlib-metadata to <3
 # tox 3.21.0 requires virtualenv!=20.0.[0-7],>=16.0.0 and requires Python >=3.5
 virtualenv>=20.2.1,<20.16.3; python_version <= '3.7'
-virtualenv>=20.2.1; python_version >= '3.8'
+virtualenv>=20.23.0; python_version >= '3.8'
 # Indirect dependencies with special constraints:
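Review bot: The comment added above `idna==3.7` documents a coupling whose other half sits in the next hunk, where the `requests==2.26.0; python_version == '3.6'` pin has no comment. A later edit could lower that pin again without noticing the idna requirement, so a matching comment there would help, e.g. `# requests>=2.26.0 needed to allow idna>=3 (see idna pin above)`. The existing comment would read more precisely as `# idna>=3 requires requests>=2.26.0`, since `idna>3` literally excludes 3.0. Whether a requirements file declares a corresponding minimum for requests on Python 3.6 is not visible in this patch; if one exists, it should be raised in step so the minimum-version test run still matches what is declared.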