
On Tue, Jul 11, 2023 at 06:54:42PM +0200, Frank Wunderlich wrote:
Hi,
Btw. GitHub's Dependabot reports some security related issues with Python's setuptools. As far as I see it should only affect tests... as I don't use the tests I cannot say if it breaks anything and so did not send a patch to the ML.
Maybe this can be done directly in the original U-Boot repo.
https://github.com/frank-w/u-boot/pull/6
I hope this way of reporting is ok :)
Yes, thanks for bringing this up. This has been addressed in next (and now master) with:

commit b1574ddebd34fee83e4c11f9da54b52ba7198fa8
Author: Tom Rini trini@konsulko.com
Date: Tue May 30 15:50:30 2023 -0400

    python: Update requirements.txt for security issues

    Per GitHub Dependabot:
    - Use setuptools 65.5.1 to avoid some DoS issue
    - Use requests 2.31.0 to avoid leaking some proxy information

    Signed-off-by: Tom Rini trini@konsulko.com
    Tested-by: Heinrich Schuchardt xypron.glpk@gmx.de

But it wasn't merged for the release, as the issues themselves are overall not something U-Boot hits but rather just parts of the frameworks we use for testing and doc generation.