[PATCH 1/1] python: Update requirements.txt for security issues

Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information

Signed-off-by: Tom Rini trini@konsulko.com
---
Cc: Simon Glass sjg@chromium.org
Cc: Heinrich Schuchardt xypron.glpk@gmx.de
---
 doc/sphinx/requirements.txt | 2 +-
 test/py/requirements.txt    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt index f9f6cc6e928b..aed449211711 100644 --- a/doc/sphinx/requirements.txt +++ b/doc/sphinx/requirements.txt @@ -11,7 +11,7 @@ packaging==21.3 Pygments==2.11.2 pyparsing==3.0.7 pytz==2022.1 -requests==2.27.1 +requests==2.31.0 six==1.16.0 snowballstemmer==2.2.0 Sphinx==3.4.3 diff --git a/test/py/requirements.txt b/test/py/requirements.txt index 86d6266053fd..f7e76bdb9181 100644 --- a/test/py/requirements.txt +++ b/test/py/requirements.txt @@ -20,8 +20,8 @@ pytest==6.2.5 pytest-xdist==2.5.0 python-mimeparse==1.6.0 python-subunit==1.3.0 -requests==2.27.1 -setuptools==58.3.0 +requests==2.31.0 +setuptools==65.5.1 six==1.16.0 testtools==2.3.0 traceback2==1.4.0
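Review bot: in the doc/sphinx/requirements.txt hunk, `requests==2.31.0` repeats a pin that test/py/requirements.txt carries as well, so every advisory means editing two files by hand, and the pins can drift if one is missed. Consider moving the shared pins into one constraints file that both requirements files pull in with `-c`, so that a security bump becomes a single-line change.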
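Review bot: for the `setuptools==65.5.1` and `requests==2.31.0` lines in the test/py/requirements.txt hunk, the commit message gives only "some DoS issue" and "leaking some proxy information" as the reason. Please name the advisory identifiers from the Dependabot alerts in the commit message so the minimum fixed versions can be checked against them later. It is also worth stating there that the setuptools bump applies to test/py only, since doc/sphinx/requirements.txt receives just the requests change.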

On 5/30/23 21:50, Tom Rini wrote:
Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information
Signed-off-by: Tom Rini trini@konsulko.com
Documentation builds fine with the patch.
Tested-by: Heinrich Schuchardt xypron.glpk@gmx.de
Cc: Simon Glass sjg@chromium.org
Cc: Heinrich Schuchardt xypron.glpk@gmx.de
 doc/sphinx/requirements.txt | 2 +-
 test/py/requirements.txt    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt index f9f6cc6e928b..aed449211711 100644 --- a/doc/sphinx/requirements.txt +++ b/doc/sphinx/requirements.txt @@ -11,7 +11,7 @@ packaging==21.3 Pygments==2.11.2 pyparsing==3.0.7 pytz==2022.1 -requests==2.27.1 +requests==2.31.0 six==1.16.0 snowballstemmer==2.2.0 Sphinx==3.4.3 diff --git a/test/py/requirements.txt b/test/py/requirements.txt index 86d6266053fd..f7e76bdb9181 100644 --- a/test/py/requirements.txt +++ b/test/py/requirements.txt @@ -20,8 +20,8 @@ pytest==6.2.5 pytest-xdist==2.5.0 python-mimeparse==1.6.0 python-subunit==1.3.0 -requests==2.27.1 -setuptools==58.3.0 +requests==2.31.0 +setuptools==65.5.1 six==1.16.0 testtools==2.3.0 traceback2==1.4.0

On Tue, May 30, 2023 at 03:50:30PM -0400, Tom Rini wrote:
Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information
Signed-off-by: Tom Rini trini@konsulko.com
Tested-by: Heinrich Schuchardt xypron.glpk@gmx.de
Applied to u-boot/next, thanks!