From 57720cd95158e28cdaea149906240dff6bdf20c7 Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Fri, 22 Mar 2024 11:09:19 +0000
Subject: [PATCH 1/6] Bump upper-constraints to resolve critical vulnerabilities 2023.1

---
 upper-constraints.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/upper-constraints.txt b/upper-constraints.txt
index 09d84ba21..cfff45c1e 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -431,7 +431,7 @@ xmltodict===0.13.0
 pyasn1===0.4.8
 directord===0.12.0
 oslo.rootwrap===7.0.1
-Django===3.2.16
+Django===3.2.19
 pexpect===4.8.0
 contextvars===2.4
 cmd2===2.4.2

From b6a0d3b11425a0fc08fd043b0d02c92ef9c51539 Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Mon, 25 Mar 2024 09:00:26 +0000
Subject: [PATCH 2/6] Fix high vulnerabilites

---
 upper-constraints.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/upper-constraints.txt b/upper-constraints.txt
index cfff45c1e..ee1fc2306 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -183,7 +183,7 @@ PyYAML===6.0
 beautifulsoup4===4.11.1
 os-net-config===16.0.0
 ovs===2.17.7
-cryptography===38.0.2
+cryptography===42.0.4
 httpcore===0.15.0
 URLObject===2.4.3
 nocasedict===1.0.4
@@ -431,7 +431,7 @@ xmltodict===0.13.0
 pyasn1===0.4.8
 directord===0.12.0
 oslo.rootwrap===7.0.1
-Django===3.2.19
+Django===3.2.23
 pexpect===4.8.0
 contextvars===2.4
 cmd2===2.4.2
@@ -457,7 +457,7 @@ dfs-sdk===1.2.27
 sentinels===1.0.0
 kombu===5.2.4
 distro===1.7.0
-zstd===1.5.2.6
+zstd===1.5.4.0
 yaql===3.0.0
 requestsexceptions===1.4.0
 testresources===2.0.1
@@ -502,7 +502,7 @@ os-vif===3.1.1
 hyperlink===21.0.0
 mitba===1.1.1
 python-masakariclient===8.1.0
-Werkzeug===2.2.2
+Werkzeug===2.2.3
 pyasn1-modules===0.2.8
 APScheduler===3.9.1
 monotonic===1.6
@@ -558,7 +558,7 @@ confluent-kafka===1.9.2
 xvfbwrapper===0.2.9
 tosca-parser===2.8.0
 charset-normalizer===2.1.1
-Flask===2.2.2
+Flask===2.2.5
 httpx===0.23.0
 sqlalchemy-filters===0.12.0
 marathon===0.13.0
From d7a8a0a8abbbf6652d3c00d2cd15f5e5ec229248 Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Mon, 25 Mar 2024 09:46:37 +0000
Subject: [PATCH 3/6] revert cryptography version for temporary

---
 upper-constraints.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/upper-constraints.txt b/upper-constraints.txt
index ee1fc2306..25ac07f54 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -183,7 +183,7 @@ PyYAML===6.0
 beautifulsoup4===4.11.1
 os-net-config===16.0.0
 ovs===2.17.7
-cryptography===42.0.4
+cryptography===38.0.2
 httpcore===0.15.0
 URLObject===2.4.3
 nocasedict===1.0.4

From 47d3fef701b40abfc9dea7449c78de39e80f3d0c Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Mon, 25 Mar 2024 12:08:00 +0000
Subject: [PATCH 4/6] Bump cryptography with pyOpenSSL

---
 upper-constraints.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/upper-constraints.txt b/upper-constraints.txt
index 25ac07f54..18b223307 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -101,7 +101,7 @@ simplejson===3.17.6
 types-paramiko===2.11.6
 immutables===0.19
 python-swiftclient===4.2.0
-pyOpenSSL===22.1.0
+pyOpenSSL===24.0.0
 monasca-common===3.7.0
 zeroconf===0.39.1
 scipy===1.9.1
@@ -183,7 +183,7 @@ PyYAML===6.0
 beautifulsoup4===4.11.1
 os-net-config===16.0.0
 ovs===2.17.7
-cryptography===38.0.2
+cryptography===42.0.4
 httpcore===0.15.0
 URLObject===2.4.3
 nocasedict===1.0.4

From 7effc98d760b255a7923c6f9f6eab80ba5ea90da Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Wed, 17 Apr 2024 13:24:59 +0100
Subject: [PATCH 5/6] Bump sqlparse to fix GHSA-2m57-hf25-phgg

---
 upper-constraints.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/upper-constraints.txt b/upper-constraints.txt
index 18b223307..38d127616 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -127,7 +127,7 @@ doc8===0.11.2
 pymongo===4.2.0
 python-cloudkittyclient===4.7.0
 soupsieve===2.3.2.post1
-sqlparse===0.4.3
+sqlparse===0.5.0
 oslotest===4.5.0
 jsonpointer===2.3
 defusedxml===0.7.1

From 0a571fc66a65c34802a85ec8121e18807c6e5c6b Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Wed, 17 Apr 2024 14:16:49 +0100
Subject: [PATCH 6/6] Bump gunicorn to fix CVE-2024-1135

---
 upper-constraints.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/upper-constraints.txt b/upper-constraints.txt
index 38d127616..78e956d41 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -198,7 +198,7 @@ requests-mock===1.10.0
 os-apply-config===13.1.0
 prometheus-client===0.14.1
 oslosphinx===4.18.0
-gunicorn===20.1.0
+gunicorn===22.0.0
 storpool===7.1.0
 textfsm===1.1.2
 python-3parclient===4.2.12