Commit

chore(deps): bump min versions per snyk (#4318)
Snyk recommended bumping a few minimum versions to avoid
vulnerabilities.

This replaces the following couple of issues because I didn't think it
was worth running tests twice for the different files:
* closes #4296
* closes #4295

Signed-off-by: Terri Oda <[email protected]>
terriko authored Aug 8, 2024
1 parent a158155 commit e4239bd
Showing 4 changed files with 8 additions and 4 deletions.
1 change: 1 addition & 0 deletions doc/requirements.csv
Expand Up @@ -6,3 +6,4 @@ anthonyharrison_not_in_db,sbom2doc
pillow,pillow
python,requests
python,urllib3
jaraco,zipp
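Review bot: the added `jaraco,zipp` row should be checked against the vendor string the database actually uses for zipp, because the neighbouring row `anthonyharrison_not_in_db,sbom2doc` shows that this file marks vendors without a database entry with a `_not_in_db` suffix. If zipp has no entry under `jaraco`, follow that suffix convention here and in the matching row added to requirements.csv.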
1 change: 1 addition & 0 deletions doc/requirements.txt
Expand Up @@ -5,3 +5,4 @@ sbom2doc
pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability
requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
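Review bot: the comment on the added `zipp>=3.19.1` line says the package is not directly required but names neither the dependency that pulls it in nor the advisory it addresses, so a later maintainer cannot tell when the pin is safe to drop. Suggest extending the comment with the parent package and the Snyk advisory reference, and doing the same for the identical line added to requirements.txt.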
1 change: 1 addition & 0 deletions requirements.csv
Expand Up @@ -25,3 +25,4 @@ anthonyharrison_not_in_db,lib4vex
the_purl_authors_not_in_db,packageurl-python
h2non,filetype
python,setuptools
jaraco,zipp
9 changes: 5 additions & 4 deletions requirements.txt
@@ -1,4 +1,4 @@
aiohttp[speedups]>=3.9.2
aiohttp[speedups]>=3.9.4
beautifulsoup4
cvss
defusedxml
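Review bot: the `aiohttp[speedups]` floor moves from 3.9.2 to 3.9.4 with no trailing comment, while the setuptools, urllib3 and zipp lines in this file each record why they are pinned. Add a short comment in the same style, for example `# pinned by Snyk to avoid a vulnerability`, so the reason for the floor stays visible next to the specifier.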
Expand All @@ -16,11 +16,12 @@ packageurl-python
packaging
plotly
pyyaml>=5.4
requests>=2.32.0
requests>=2.32.2
rich
rpmfile>=1.0.6
setuptools>=65.5.1 # pinned by Snyk to avoid a vulnerability
setuptools>=70.0.0 # pinned by Snyk to avoid a vulnerability
toml; python_version < "3.11"
urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
urllib3>=2.2.2 # dependency of requests added explictly to avoid CVEs
xmlschema
zstandard; python_version >= "3.4"
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
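Review bot: the `urllib3>=2.2.2` line raises the floor across a major version from `>=1.26.5`, which rules out every 1.26.x release for environments that install this alongside packages still capping urllib3 below 2; please confirm that is intended and say so in the commit message or release notes. Two smaller points in the same hunk: `zipp` is appended after `zstandard` although the rest of the file is in alphabetical order, and the carried-over urllib3 comment spells "explictly" for "explicitly". The `requests>=2.32.2` line also has no comment giving the reason for its new floor.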
