From 5aa738fcfb4a3dd5a8eb33c9a94a9294bcfefc33 Mon Sep 17 00:00:00 2001 From: Kory Becker <50708624+kbecker42@users.noreply.github.com> Date: Thu, 2 Jan 2025 16:32:09 -0500 Subject: [PATCH] Sync security updates to main. (#897) * RDISCROWD-6713 Lib upgrades to fix Critical and High severity alerts (#890) * Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Bump cryptography from 3.4.8 to 41.0.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.4.8...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Bump certifi from 2021.5.30 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22. - [Commits](https://github.com/certifi/python-certifi/compare/2021.05.30...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Updated libs to address all Critical and High severity alerts. * up * up * up * Updated libs. * fix * up * up * up * up --------- 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * RDISCROWD-6713 Pillow 10.1.0 (#895) * Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Bump cryptography from 3.4.8 to 41.0.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.4.8...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Bump certifi from 2021.5.30 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22. - [Commits](https://github.com/certifi/python-certifi/compare/2021.05.30...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Updated libs to address all Critical and High severity alerts. * up * up * up * Updated libs. * fix * up * up * up * up * Pillow 10.1.0 --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * pyOpenSSL==22.1.0 * Updated libs. * Minimum updates per depend bot. --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 setup.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/setup.py b/setup.py
index 5a4a50b97..be4009697 100644
--- a/setup.py
+++ b/setup.py
@@ -12,7 +12,7 @@
 "botocore==1.31.62",
 "cachelib==0.3.0",
 "cachetools==4.2.2",
- "certifi==2021.5.30",
+ "certifi==2023.7.22",
 "cffi==1.14.6",
 "chardet==4.0.0",
 "charset-normalizer==2.0.6",
@@ -21,7 +21,7 @@
 "cov-core==1.15.0",
 "coverage==5.5",
 "croniter==1.0.15",
- "cryptography==3.4.8",
+ "cryptography==41.0.2",
 "cssselect==1.1.0",
 "debtcollector==2.3.0",
 "decorator==5.1.0",
@@ -116,7 +116,7 @@
 "pykerberos==1.2.1",
 "PyLD==1.0.4", # "PyLD==2.0.3", 1.0.4 version resolves pyld.jsonld.JsonLdError
 "pyldap==3.0.0.post1",
- "pyOpenSSL==21.0.0",
+ "pyOpenSSL==23.2.0",
 "pyparsing==2.4.7",
 "python-dateutil==2.8.2",
 "python-editor==1.0.4",
@@ -133,7 +133,7 @@
 "readability-lxml==0.8.1",
 "redis==3.5.3",
 "rednose==1.3.0",
- "requests==2.26.0",
+ "requests==2.31.0",
 "requests-kerberos==0.12.0",
 "requests-oauthlib==1.1.0",
 "rfc3986==1.5.0",