Fix safety issues by update lockfile #7

Merged
merged 1 commit into from
Feb 28, 2024


foarsitter
Collaborator

Safety found 7 vulnerabilities in our lockfile. Running poetry update results in the following updates.

• Installing authlib (1.3.0)
• Installing marshmallow (3.21.0)
• Installing pydantic (1.10.14)
• Installing safety-schemas (0.0.2)
• Installing typer (0.9.0)
• Removing gitdb (4.0.10)
• Removing gitpython (3.1.37)
• Removing smmap (5.0.0)
• Updating attrs (23.1.0 -> 23.2.0)
• Updating babel (2.12.1 -> 2.14.0)
• Updating bandit (1.7.5 -> 1.7.7)
• Updating beautifulsoup4 (4.12.2 -> 4.12.3)
• Updating black (23.7.0 -> 24.2.0)
• Updating certifi (2023.7.22 -> 2024.2.2)
• Updating cffi (1.15.1 -> 1.16.0)
• Updating cfgv (3.3.1 -> 3.4.0)
• Updating chardet (5.1.0 -> 5.2.0)
• Updating charset-normalizer (3.2.0 -> 3.3.2)
• Updating click (8.1.5 -> 8.1.7)
• Updating contourpy (1.1.0 -> 1.1.1)
• Updating coverage (7.2.7 -> 7.4.3)
• Updating cryptography (41.0.4 -> 42.0.5)
• Updating cycler (0.11.0 -> 0.12.1)
• Updating distlib (0.3.6 -> 0.3.8)
• Updating dparse (0.6.3 -> 0.6.4b0)
• Updating filelock (3.12.4 -> 3.13.1)
• Updating fonttools (4.41.0 -> 4.49.0)
• Updating furo (2023.9.10 -> 2024.1.29)
• Updating identify (2.5.29 -> 2.5.35)
• Updating idna (3.4 -> 3.6)
• Updating isort (5.12.0 -> 5.13.2)
• Updating jinja2 (3.1.2 -> 3.1.3)
• Updating markupsafe (2.1.3 -> 2.1.5)
• Updating matplotlib (3.7.2 -> 3.7.5)
• Updating mypy (1.4.1 -> 1.8.0)
• Updating opencv-python (4.8.1.78 -> 4.9.0.80)
• Updating packaging (23.1 -> 23.2)
• Updating pathspec (0.11.1 -> 0.12.1)
• Updating pbr (5.11.1 -> 6.0.0)
• Updating pillow (10.0.0 -> 10.2.0)
• Updating platformdirs (3.8.1 -> 4.2.0)
• Updating pluggy (1.2.0 -> 1.4.0)
• Updating pre-commit (3.4.0 -> 3.5.0)
• Updating pre-commit-hooks (4.4.0 -> 4.5.0)
• Updating pygments (2.15.1 -> 2.17.2)
• Updating pyparsing (3.0.9 -> 3.1.1)
• Updating pypdf (3.12.1 -> 3.17.4)
• Updating pytest (7.4.0 -> 8.0.2)
• Updating pytz (2023.3 -> 2024.1)
• Updating pyyaml (6.0 -> 6.0.1)
• Updating rich (13.4.2 -> 13.7.0)
• Updating ruamel-yaml (0.17.32 -> 0.18.6)
• Updating ruamel-yaml-clib (0.2.7 -> 0.2.8)
• Updating safety (2.3.4 -> 3.0.1)
• Updating setuptools (68.0.0 -> 69.1.1)
• Updating soupsieve (2.4.1 -> 2.5)
• Updating sphinx (7.0.1 -> 7.1.2)
• Updating sphinx-click (4.4.0 -> 5.1.0)
• Updating stevedore (5.1.0 -> 5.2.0)
• Updating tokenize-rt (5.1.0 -> 5.2.0)
• Updating tornado (6.3.3 -> 6.4)
• Updating typeguard (4.0.0 -> 4.1.5)
• Updating typing-extensions (4.7.1 -> 4.10.0)
• Updating urllib3 (2.0.3 -> 2.2.1)
• Updating virtualenv (20.24.0 -> 20.25.1)
• Updating xdoctest (1.1.1 -> 1.1.3)
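
An added example, not part of the pull request or the project's code: one way a reviewer could triage a bulk `poetry update` listing like the one above, so that newly installed packages, pre-releases and major version jumps are read before routine bumps. The function name `triage` and the bucket names are assumptions of this example, and the sample lines are a subset copied from the listing.

```python
import re

# Constructed sample: a subset of the `poetry update` lines quoted in the PR.
SAMPLE = """\
• Installing authlib (1.3.0)
• Installing typer (0.9.0)
• Removing gitpython (3.1.37)
• Updating certifi (2023.7.22 -> 2024.2.2)
• Updating cryptography (41.0.4 -> 42.0.5)
• Updating dparse (0.6.3 -> 0.6.4b0)
• Updating jinja2 (3.1.2 -> 3.1.3)
• Updating pytest (7.4.0 -> 8.0.2)
• Updating safety (2.3.4 -> 3.0.1)
"""

# "<bullet> <Action> <name> (<version>[ -> <version>])"
LINE = re.compile(
    r"^\s*[•*-]?\s*(Installing|Removing|Updating)\s+(\S+)\s+"
    r"\(([^\s)]+)(?:\s*->\s*([^\s)]+))?\)\s*$"
)
# Simplified PEP 440 pre-release / dev suffix (a1, b0, rc2, .dev3).
PRERELEASE = re.compile(r"(a|b|rc|\.dev)\d+$")


def triage(text):
    """Sort update lines into buckets a reviewer reads in priority order."""
    out = {"new": [], "removed": [], "prerelease": [], "major": [], "routine": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # ignore anything that is not an operation line
        action, name, first, second = m.groups()
        if action == "Installing":
            out["new"].append((name, None, first))  # new supply-chain surface
        elif action == "Removing":
            out["removed"].append((name, first, None))
        elif second is None:
            continue  # "Updating" without a target version: malformed, skip
        elif PRERELEASE.search(second):
            out["prerelease"].append((name, first, second))
        elif first.split(".")[0] != second.split(".")[0]:
            # Leading component changed. CalVer packages (certifi) land here
            # too; over-reporting is the intended failure direction.
            out["major"].append((name, first, second))
        else:
            out["routine"].append((name, first, second))
    return out


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"{bucket:10} {[name for name, _, _ in items]}")
```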

@foarsitter
Collaborator Author

@MartinThoma can you enable dependabot after merging this? Or give me the permissions :)

Collaborator

@bosd bosd left a comment

LGTM

@foarsitter foarsitter merged commit 567520b into main Feb 28, 2024
22 checks passed
@foarsitter foarsitter deleted the update_lockfile branch February 28, 2024 08:40
@bosd
Collaborator

bosd commented Aug 6, 2024

> @MartinThoma can you enable dependabot after merging this? Or give me the permissions :)

Ping @MartinThoma Can you please attend to this?
(Safety is broken again.)

@bosd bosd added the build and dependencies labels Aug 26, 2024