Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated various dependencies to reduce vulnerabilities #2958

Open
wants to merge 23 commits into
base: master
Choose a base branch
from
Open

Updated various dependencies to reduce vulnerabilities #2958

wants to merge 23 commits into from
+5 −3

Conversation

beac0n5
Copy link

@beac0n5 beac0n5 commented Apr 24, 2024
edited

Description

Updated AIOHTTP to reduce vulnerabilities ->=3.9.4

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.
Synk-Bot

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

snyk-bot and others added 6 commits April 1, 2024 18:17
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
b4d9767 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6514866
@snyk-bot
fix: requirements-dev.txt to reduce vulnerabilities
9413bf6 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
67a4fdc 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291
@beac0n5
Merge pull request #6 from beac0n5/snyk-fix-ce69b0ce6e2bba2278083d04b…
99d9c34 
…4c010bb

[Snyk] Security upgrade aiohttp from 3.8.6 to 3.9.4
@beac0n5
Merge pull request #5 from beac0n5/snyk-fix-56c5a6fd9a3ca9ce64a8e8214…
7ae98fc 
…0023634

[Snyk] Security upgrade aiohttp from 3.8.6 to 3.9.4
@beac0n5
Merge branch 'mitre:master' into master
82a367a
beac0n5 and others added 10 commits April 26, 2024 16:14
@beac0n5
Merge branch 'mitre:master' into master
8b048f2
@beac0n5
Merge branch 'mitre:master' into master
02870a0
@snyk-bot
fix: Dockerfile to reduce vulnerabilities
b99acd6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2304-GLIBC-5919743
- https://snyk.io/vuln/SNYK-UBUNTU2304-GLIBC-5919743
- https://snyk.io/vuln/SNYK-UBUNTU2304-GNUTLS28-6172202
- https://snyk.io/vuln/SNYK-UBUNTU2304-GNUTLS28-6172713
- https://snyk.io/vuln/SNYK-UBUNTU2304-PAM-6170209
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
ed89788 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
66f2ec0 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
@beac0n5
Merge pull request #11 from beac0n5/snyk-fix-07f0789b7e273bbfc02a60dc…
9c54864 
…539a872e

[Snyk] Security upgrade jinja2 from 3.1.3 to 3.1.4
@beac0n5
Merge pull request #9 from beac0n5/snyk-fix-092fcda0e84a7aee1b3ea1c68…
5ebad26 
…a850d28

[Snyk] Security upgrade ubuntu from 23.04 to mantic-20240427
@beac0n5
Merge pull request #10 from beac0n5/snyk-fix-a54a627fdd5ae48cc37590bd…
2c7aa66 
…9bec012d

[Snyk] Fix for 2 vulnerabilities
@beac0n5
Merge pull request #3 from beac0n5/snyk-fix-9185a7a0799aa31f32e46b617…
6a893db 
…45e5dd9

[Snyk] Security upgrade pillow from 9.5.0 to 10.3.0
@beac0n5
Merge branch 'mitre:master' into master
e1ee8c2
@beac0n5 beac0n5 changed the title Updated AIOHTTP to reduce vulnerabilities ->=3.9.4 Updated various dependencies to reduce vulnerabilities May 8, 2024
@elegantmoose
Copy link
Contributor

@clenk Might have to review this one as Im hesitant to accept knowing we have had issues with those libs in the past.

@elegantmoose elegantmoose requested a review from clenk May 9, 2024 03:26
beac0n5 and others added 7 commits May 9, 2024 17:51
@beac0n5
Merge branch 'master' into master
53def20
@beac0n5
Update requirements.txt manually
7fd96b5 
downgraded jinja to 3.1.2 to avoid a vulnerability of 3.1.3 as upgrading to 3.1.4 breaks the CI/CD tests
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
61f5971 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
@beac0n5
Merge pull request #12 from beac0n5/snyk-fix-ed8ee952b1347aa2277b07f0…
54bad4b 
…d1b6df39

[Snyk] Security upgrade jinja2 from 3.1.2 to 3.1.4
@beac0n5
Revert "[Snyk] Security upgrade aiohttp from 3.8.6 to 3.9.4"
23050d1
@beac0n5
Merge pull request #14 from beac0n5/revert-6-snyk-fix-ce69b0ce6e2bba2…
1e90995 
…278083d04b4c010bb

Revert "[Snyk] Security upgrade aiohttp from 3.8.6 to 3.9.4"
@beac0n5
Update requirements.txt
56787d9 
rev jinja 3.1.4 to 3.1.2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elegantmoose elegantmoose Awaiting requested review from elegantmoose elegantmoose is a code owner

@clenk clenk Awaiting requested review from clenk

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@beac0n5 @elegantmoose @snyk-bot