Fixed safety issues from 07/25

Signed-off-by: Andreas Maier <[email protected]>
pywbem · Jul 25, 2023 · 381486a · 381486a
1 parent 2ca65cf
commit 381486a
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 8 deletions.
diff --git a/.safety-policy.yml b/.safety-policy.yml
@@ -45,8 +45,7 @@ security:
         50886:
             reason: Fixed Pygments version requires Python>=3.5 and is used there
         51457:
-            reason: Py package is not yet fixed (latest version 1.11.0)
-            expires: 2023-06-30
+            reason: Py package is no longer being fixed (latest version 1.11.0)
         51499:
             reason: Fixed Wheel version requires Python>=3.7 and is used there; Risk is on Pypi side
         52322:
@@ -73,6 +72,16 @@ security:
             reason: Jinja2, found in; 2.8.1, affected; <2.11.3
         54679:
             reason: Jinja2, found in; 2.8.1, affected; <2.10.1
+        58755:
+            reason: Fixed requests version 2.31.0 requires Python>=3.7 and is used there
+        58910:
+            reason: Fixed pygments version 2.15.0 requires Python>=3.7 and is used there
+        59071:
+            reason: Fixed tornado version 6.3.2 requires Python>=3.8 and is used there
+        59062:
+            reason: Fixed cryptography version 41.0.0 requires Python>=3.7 and is used there
+        39252:
+            reason: Fixed cryptography version 3.3 requires Python 2.7 or Python>=3.6 and is used there
 
 
     # Continue with exit code 0 when vulnerabilities are found.

diff --git a/minimum-constraints.txt b/minimum-constraints.txt
@@ -140,9 +140,9 @@ virtualenv==20.0.0; python_version >= '3.8'  # requires six<2,>=1.12.0
 # Additional indirect dependencies from pywbem
 # ordereddict==1.1
 ply==3.10
-requests==2.22.0; python_version == '2.7'
-requests==2.22.0; python_version >= '3.6' and python_version <= '3.9'
-requests==2.25.0; python_version >= '3.10'
+requests==2.25.0; python_version == '2.7'
+requests==2.25.0; python_version == '3.6'
+requests==2.31.0; python_version >= '3.7'
 # httpretty==0.9.5
 # lxml==4.2.4
 # decorator==4.0.11
@@ -202,7 +202,8 @@ GitPython==2.1.1; python_version == '3.6'
 GitPython==3.1.27; python_version >= '3.7'
 sphinxcontrib-websupport==1.1.2
 Pygments==2.1.3; python_version == '2.7'
-Pygments==2.7.4; python_version >= '3.6'
+Pygments==2.13.0; python_version == '3.6'
+Pygments==2.15.0; python_version >= '3.7'
 sphinx-rtd-theme==1.0.0
 Babel==2.7.0; python_version == '2.7'
 # Safety issue #42203  affected < 2.9.1
@@ -334,7 +335,10 @@ terminado==0.6
 testpath==0.3
 toml==0.10.0
 tomli==2.0.1; python_version >= '3.6'
-tornado==4.4.2
+tornado==4.4.2; python_version == '2.7'
+tornado==6.1; python_version == '3.6'
+tornado==6.2; python_version == '3.7'
+tornado==6.3.2; python_version >= '3.8'
 tqdm==4.28.1
 traceback2==1.4.0
 traitlets==4.3.1

diff --git a/rtd-requirements.txt b/rtd-requirements.txt
@@ -15,6 +15,7 @@ docutils>=0.14,<0.17; python_version >= '3.10'
 sphinx-git>=10.1.1
 GitPython>=2.1.1;
 Pygments>=2.1.3; python_version == '2.7'
-Pygments>=2.7.4; python_version >= '3.6'
+Pygments>=2.13.0; python_version == '3.6'
+Pygments>=2.15.0; python_version >= '3.7'
 # Issue #1218, bullet-list failure with v 0.5.2
 sphinx-rtd-theme>=1.0.0