Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update requests to fix CVEs (security) #6062

Closed
wants to merge 21 commits into from
Closed

Update requests to fix CVEs (security) #6062

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
2bb9a6d
Bump gitpython to 3.1.37
jk464 Nov 6, 2023
c6fd050
Bump requests to 2.31.0
jk464 Nov 6, 2023
f26c1fb
Bump importlib-metadata to 4.10.1
jk464 Nov 6, 2023
ee92b82
Bump virtualenv to 20.16.7
jk464 Nov 6, 2023
62f6f27
CHANGELOG for CVE fixes #6062
jk464 Nov 6, 2023
38a7f74
Bump, for py3.7+, cryptography to 41.0.4, pyopenssl to 23.2.0
jk464 Nov 7, 2023
61b47db
Add support for evaluating requirement markers
jk464 Nov 7, 2023
020c261
Revert "Add support for evaluating requirement markers"
jk464 Nov 7, 2023
62835c6
Revert "Bump virtualenv to 20.16.7"
jk464 Nov 7, 2023
e733e5d
fixup! Bump importlib-metadata to 4.10.1
jk464 Nov 7, 2023
21468f1
fixup! Bump importlib-metadata to 4.10.1
jk464 Nov 7, 2023
9e42739
Merge branch 'master' into bugfix/cves
arm4b Nov 24, 2023
e2a07d9
Update requests and importlib-metadata only
arm4b Nov 24, 2023
de32bf6
Update the Changelog
arm4b Nov 24, 2023
04e3360
Update argcomplete to 1.12.3 to be compatible with importlib-metadata<5
arm4b Nov 24, 2023
98cb808
Add code comments for updated dependencies for py3.6 vs py3.8
arm4b Nov 24, 2023
9c19042
Update st2-auth-ldap sha in pants lock
arm4b Nov 24, 2023
c7f13e7
Workaround conflict when incompatible urllib3 v2 is installed under t…
arm4b Nov 24, 2023
0a553fd
Try1: fix urllib3 py3.6
arm4b Nov 24, 2023
0d94e19
Revert urllib3 py3.6 workarounds
arm4b Nov 24, 2023
e16b325
Merge branch 'master' into bugfix/cves
arm4b Nov 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,9 @@ Fixed
* Update importlib-metadata from 3.10.1 to 4.8.3 for py3.6 and to 4.10.1 for py3.8 (security). #6072
Contributed by @jk464

* Update requests from 2.25.1 to 2.27.1 for py3.6 and to 2.31.0 for py3.8 (security). #6062
Contributed by @jk464

Added
~~~~~
* Move `git clone` to `user_home/.st2packs` #5845
Expand Down
4 changes: 3 additions & 1 deletion fixed-requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,9 @@ pytz==2021.1
pywinrm==0.4.1
pyyaml==5.4.1
redis==4.1.4
requests[security]==2.25.1
# Note: installs requests[security]==2.31.0 (security fixed) under py3.8 and requests[security]==2.27.1 (latest available, vulnerable) under py3.6
# TODO: Pin explicitly after dropping python3.6 support
requests[security]>=2.27.1,<=2.31.0
retrying==1.3.3
routes==2.4.1
semver==2.13.0
Expand Down
2 changes: 1 addition & 1 deletion lockfiles/st2.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4009,7 +4009,7 @@
"artifacts": [
{
"algorithm": "sha256",
"hash": "c521a3dfc6948a6a57da4dcaa48e0b3390fadcf00d36e3948510cd1c32a10d96",
"hash": "29c6ff480b24e4bc316ed69eac5503c71f4700ed17649ae5c5ca8cd745e5852f",
"url": "git+https://github.com/StackStorm/st2-auth-ldap.git@master"
}
],
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ pywinrm==0.4.1
pyyaml==5.4.1
redis==4.1.4
rednose
requests[security]==2.25.1
requests[security]>=2.27.1,<=2.31.0
retrying==1.3.3
routes==2.4.1
semver==2.13.0
Expand Down
2 changes: 1 addition & 1 deletion st2actions/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,5 @@ pyparsing<3
python-dateutil==2.8.1
python-json-logger
pyyaml==5.4.1
requests[security]==2.25.1
requests[security]>=2.27.1,<=2.31.0
six==1.13.0
2 changes: 1 addition & 1 deletion st2client/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ python-dateutil==2.8.1
python-editor==1.0.4
pytz==2021.1
pyyaml==5.4.1
requests[security]==2.25.1
requests[security]>=2.27.1,<=2.31.0
six==1.13.0
sseclient-py==1.7
typing-extensions<4.2
Expand Down
2 changes: 1 addition & 1 deletion st2common/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ python-dateutil==2.8.1
python-statsd==2.1.0
pyyaml==5.4.1
redis==4.1.4
requests[security]==2.25.1
requests[security]>=2.27.1,<=2.31.0
retrying==1.3.3
routes==2.4.1
semver==2.13.0
Expand Down