Sync security updates to main. [NO MERGE] #897

Open
wants to merge 10 commits into
base: main

@kbecker42 kbecker42 commented Jan 8, 2024

  • Sync security-updates branch to main.

Re: #890

kbecker42 and others added 4 commits January 5, 2024 11:23
…890)

* Bump requests from 2.26.0 to 2.31.0

Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.26.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump cryptography from 3.4.8 to 41.0.2

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@3.4.8...41.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump certifi from 2021.5.30 to 2023.7.22

Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22.
- [Commits](certifi/python-certifi@2021.05.30...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Updated libs to address all Critical and High severity alerts.

* up

* up

* up

* Updated libs.

* fix

* up

* up

* up

* up

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump requests from 2.26.0 to 2.31.0

Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.26.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump cryptography from 3.4.8 to 41.0.2

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@3.4.8...41.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump certifi from 2021.5.30 to 2023.7.22

Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22.
- [Commits](certifi/python-certifi@2021.05.30...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Updated libs to address all Critical and High severity alerts.

* up

* up

* up

* Updated libs.

* fix

* up

* up

* up

* up

* Pillow 10.1.0

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Conflicts:
#	pybossa/themes/default
@kbecker42 kbecker42 changed the title Sync security updates. Sync security updates to main. Jan 8, 2024
@kbecker42 kbecker42 requested a review from dchhabda January 8, 2024 18:23
coveralls commented Jan 8, 2024

Pull Request Test Coverage Report for Build 12318796322

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 94.105%

Totals Coverage Status
Change from base Build 12317546136: 0.0%
Covered Lines: 17449
Relevant Lines: 18542

💛 - Coveralls

dchhabda previously approved these changes Dec 4, 2024
@dchhabda dchhabda left a comment

It would be nice to have a list of the updates that are coming in, with multiple libraries getting updated here, so as to understand any particular area to be tested thoroughly. Approving the PR, as we discussed, to rely on the smoke test. Please hold off on merging this PR until tests in dev are complete. Thanks!

@dchhabda dchhabda changed the title Sync security updates to main. [DO-NOT-MERGE] Sync security updates to main. Dec 4, 2024
@kbecker42 kbecker42 added the wip label Dec 4, 2024
@kbecker42 kbecker42 changed the title [DO-NOT-MERGE] Sync security updates to main. Sync security updates to main. Dec 9, 2024
@kbecker42 kbecker42 added wip and removed wip labels Dec 9, 2024
@kbecker42 kbecker42 changed the title Sync security updates to main. Sync security updates to main. [NO MERGE] Dec 9, 2024