From 67abe596a56d9092220a779bd0f693c28dd987d5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Fri, 4 Feb 2022 09:43:21 +0100 Subject: [PATCH] Fix CVE ``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | urllib3 | 1.25.9 | <1.26.5 | 43975 | +==============================================================================+ | Urllib3 1.26.5 includes a fix for CVE-2021-33503: An issue was discovered in | | urllib3 before 1.26.5. When provided with a URL containing many @ characters | | in the authority component, the authority regular expression exhibits | | catastrophic backtracking, causing a denial of service if a URL were passed | | as a parameter or redirected to via an HTTP redirect. | | https://github.com/advisories/GHSA-q2q7-5pp4-w6pg | +==============================================================================+ | numpy | 1.21.5 | <1.22.0 | 44716 | +==============================================================================+ | Numpy 1.22.0 includes a fix for CVE-2021-41496: A buffer overflow in the | | array_from_pyobj function of fortranobject.c, which allows attackers to | | conduct a Denial of Service attacks by carefully constructing an array with | | negative values. 
| | https://github.com/numpy/numpy/issues/19000 | +==============================================================================+ | numpy | 1.21.5 | <1.22.0 | 44717 | +==============================================================================+ | Numpy 1.22.0 includes a fix for CVE-2021-34141: An incomplete string | | comparison in the numpy.core component in NumPy before 1.22.0 allows | | attackers to trigger slightly incorrect copying by constructing specific | | string objects. NOTE: the vendor states that this reported code behavior is | | "completely harmless." | | https://github.com/numpy/numpy/issues/18993 | +==============================================================================+ | numpy | 1.21.5 | >0 | 44715 | +==============================================================================+ | All versions of Numpy are affected by CVE-2021-41495: A null Pointer | | Dereference vulnerability exists in numpy.sort, in the PyArray_DescrNew | | function due to missing return-value validation, which allows attackers to | | conduct DoS attacks by repetitively creating sort arrays. | | https://github.com/numpy/numpy/issues/19038 | +==============================================================================+ | pillow | 8.3.2 | <9.0.0 | 44487 | +==============================================================================+ | Pillow 9.0.0 includes a fix for CVE-2022-22817: PIL.ImageMath.eval in Pillow | | before 9.0.0 allows evaluation of arbitrary expressions, such as ones that | | use the Python exec method. 
| | https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict- | | builtins-available-to-imagemath-eval | +==============================================================================+ | pillow | 8.3.2 | <9.0.0 | 44485 | +==============================================================================+ | Pillow 9.0.0 includes a fix for CVE-2022-22815: path_getbbox in path.c in | | Pillow before 9.0.0 improperly initializes ImagePath.Path. | | https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed- | | imagepath-path-array-handling | +==============================================================================+ | pillow | 8.3.2 | <9.0.0 | 44524 | +==============================================================================+ | Pillow 9.0.0 ensures JpegImagePlugin stops at the end of a truncated file to | | avoid Denial of Service attacks. | | https://github.com/python-pillow/Pillow/pull/5921 | +==============================================================================+ | pillow | 8.3.2 | <9.0.0 | 44525 | +==============================================================================+ | Pillow 9.0.0 excludes carriage return in PDF regex to help prevent ReDoS. | | https://github.com/python-pillow/Pillow/pull/5912 | | https://github.com/python- | | pillow/Pillow/commit/43b800d933c996226e4d7df00c33fcbe46d97363 | +==============================================================================+ | pillow | 8.3.2 | <9.0.0 | 44486 | +==============================================================================+ | Pillow 9.0.0 includes a fix for CVE-2022-22816: path_getbbox in path.c in | | Pillow before 9.0.0 has a buffer over-read during initialization of | | ImagePath.Path. 
| | https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed- | | imagepath-path-array-handling | +==============================================================================+ | pipenv | 2021.5.29 | >=2018.10.9,<=2021.11.23 | 44492 | +==============================================================================+ | Pipenv 2022.1.8 includes a fix for CVE-2022-21668: Starting with version | | 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of | | requirements files allows an attacker to insert a specially crafted string | | inside a comment anywhere within a requirements.txt file, which will cause | | victims who use pipenv to install the requirements file to download | | dependencies from a package index server controlled by the attacker. By | | embedding malicious code in packages served from their malicious index | | server, the attacker can trigger arbitrary remote code execution (RCE) on | | the victims' systems. If an attacker is able to hide a malicious '--index- | | url' option in a requirements file that a victim installs with pipenv, the | | attacker can embed arbitrary malicious code in packages served from their | | malicious index server that will be executed on the victim's host during | | installation (remote code execution/RCE). When pip installs from a source | | distribution, any code in the setup.py is executed by the install process. | | https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w | +==============================================================================+ ``` --- Pipfile | 4 +- Pipfile.lock | 151 +++++++++++++------------------ doc/Pipfile | 4 +- doc/Pipfile.lock | 22 +++-- doc/pip-cve-ignore | 1 + docker/qgisserver/pip-cve-ignore | 1 + 6 files changed, 82 insertions(+), 101 deletions(-) create mode 100644 docker/qgisserver/pip-cve-ignore diff --git a/Pipfile b/Pipfile index 74bf548201..6e2e50f869 100644 --- a/Pipfile +++ b/Pipfile 
@@ -156,13 +156,13 @@ markupsafe = "==1.1.1"
 munch = "==2.5.0"
 netifaces = "==0.10.9"
 networkx = "==1.7"
-numpy = "==1.21.5"
+numpy = "==1.22.2"
 objgraph = "==3.5.0"
 paste = "==3.5.0"
 pastedeploy = "==2.1.1"
 pbr = "==5.5.1"
 peppercorn = "==0.6"
-pillow = "==8.3.2"
+pillow = "==9.0.1"
 pipfile = "==0.0.2"
 plaster = "==1.0"
 plaster-pastedeploy = "==0.7"
diff --git a/Pipfile.lock b/Pipfile.lock
index 5704f168a5..c22b3cb9b5 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
 "_meta": {
 "hash": {
- "sha256": "b72b2e1df4cb56713f75b08e12ead6c3593a922012aa109215bd2ed25c150c62"
+ "sha256": "7d21db7d11da258343e44f31d36e862c754173895538af03418d2224c389832a"
 },
 "pipfile-spec": 6,
 "requires": {
@@ -527,39 +527,28 @@ }, "numpy": { "hashes": [ - "sha256:00c9fa73a6989895b8815d98300a20ac993c49ac36c8277e8ffeaa3631c0dbbb", - "sha256:025b497014bc33fc23897859350f284323f32a2fff7654697f5a5fc2a19e9939", - "sha256:08de8472d9f7571f9d51b27b75e827f5296295fa78817032e84464be8bb905bc", - "sha256:1964db2d4a00348b7a60ee9d013c8cb0c566644a589eaa80995126eac3b99ced", - "sha256:2a9add27d7fc0fdb572abc3b2486eb3b1395da71e0254c5552b2aad2a18b5441", - "sha256:2d8adfca843bc46ac199a4645233f13abf2011a0b2f4affc5c37cd552626f27b", - "sha256:301e408a052fdcda5cdcf03021ebafc3c6ea093021bf9d1aa47c54d48bdad166", - "sha256:311283acf880cfcc20369201bd75da907909afc4666966c7895cbed6f9d2c640", - "sha256:341dddcfe3b7b6427a28a27baa59af5ad51baa59bfec3264f1ab287aa3b30b13", - "sha256:3a5098df115340fb17fc93867317a947e1dcd978c3888c5ddb118366095851f8", - "sha256:3c978544be9e04ed12016dd295a74283773149b48f507d69b36f91aa90a643e5", - "sha256:3d893b0871322eaa2f8c7072cdb552d8e2b27645b7875a70833c31e9274d4611", - "sha256:4fe6a006557b87b352c04596a6e3f12a57d6e5f401d804947bd3188e6b0e0e76", - "sha256:507c05c7a37b3683eb08a3ff993bd1ee1e6c752f77c2f275260533b265ecdb6c", - "sha256:58ca1d7c8aef6e996112d0ce873ac9dfa1eaf4a1196b4ff7ff73880a09923ba7", - "sha256:61bada43d494515d5b122f4532af226fdb5ee08fe5b5918b111279843dc6836a", - "sha256:69a5a8d71c308d7ef33ef72371c2388a90e3495dbb7993430e674006f94797d5", - "sha256:6a5928bc6241264dce5ed509e66f33676fc97f464e7a919edc672fb5532221ee", - "sha256:7b9d6b14fc9a4864b08d1ba57d732b248f0e482c7b2ff55c313137e3ed4d8449", - "sha256:a7c4b701ca418cd39e28ec3b496e6388fe06de83f5f0cb74794fa31cfa384c02", - "sha256:a7e8f6216f180f3fd4efb73de5d1eaefb5f5a1ee5b645c67333033e39440e63a", - "sha256:b545ebadaa2b878c8630e5bcdb97fc4096e779f335fc0f943547c1c91540c815", - "sha256:c293d3c0321996cd8ffe84215ffe5d269fd9d1d12c6f4ffe2b597a7c30d3e593", - "sha256:c5562bcc1a9b61960fc8950ade44d00e3de28f891af0acc96307c73613d18f6e", - "sha256:ca9c23848292c6fe0a19d212790e62f398fd9609aaa838859be8459bfbe558aa", - 
"sha256:cc1b30205d138d1005adb52087ff45708febbef0e420386f58664f984ef56954", - "sha256:dbce7adeb66b895c6aaa1fad796aaefc299ced597f6fbd9ceddb0dd735245354", - "sha256:dc4b2fb01f1b4ddbe2453468ea0719f4dbb1f5caa712c8b21bb3dd1480cd30d9", - "sha256:eed2afaa97ec33b4411995be12f8bdb95c87984eaa28d76cf628970c8a2d689a", - "sha256:fc7a7d7b0ed72589fd8b8486b9b42a564f10b8762be8bd4d9df94b807af4a089" - ], - "index": "pypi", - "version": "==1.21.5" + "sha256:03ae5850619abb34a879d5f2d4bb4dcd025d6d8fb72f5e461dae84edccfe129f", + "sha256:076aee5a3763d41da6bef9565fdf3cb987606f567cd8b104aded2b38b7b47abf", + "sha256:0b536b6840e84c1c6a410f3a5aa727821e6108f3454d81a5cd5900999ef04f89", + "sha256:15efb7b93806d438e3bc590ca8ef2f953b0ce4f86f337ef4559d31ec6cf9d7dd", + "sha256:168259b1b184aa83a514f307352c25c56af111c269ffc109d9704e81f72e764b", + "sha256:2638389562bda1635b564490d76713695ff497242a83d9b684d27bb4a6cc9d7a", + "sha256:3556c5550de40027d3121ebbb170f61bbe19eb639c7ad0c7b482cd9b560cd23b", + "sha256:4a176959b6e7e00b5a0d6f549a479f869829bfd8150282c590deee6d099bbb6e", + "sha256:515a8b6edbb904594685da6e176ac9fbea8f73a5ebae947281de6613e27f1956", + "sha256:55535c7c2f61e2b2fc817c5cbe1af7cb907c7f011e46ae0a52caa4be1f19afe2", + "sha256:59153979d60f5bfe9e4c00e401e24dfe0469ef8da6d68247439d3278f30a180f", + "sha256:60cb8e5933193a3cc2912ee29ca331e9c15b2da034f76159b7abc520b3d1233a", + "sha256:6767ad399e9327bfdbaa40871be4254d1995f4a3ca3806127f10cec778bd9896", + "sha256:76a4f9bce0278becc2da7da3b8ef854bed41a991f4226911a24a9711baad672c", + "sha256:8cf33634b60c9cef346663a222d9841d3bbbc0a2f00221d6bcfd0d993d5543f6", + "sha256:94dd11d9f13ea1be17bac39c1942f527cbf7065f94953cf62dfe805653da2f8f", + "sha256:aafa46b5a39a27aca566198d3312fb3bde95ce9677085efd02c86f7ef6be4ec7", + "sha256:badca914580eb46385e7f7e4e426fea6de0a37b9e06bec252e481ae7ec287082", + "sha256:d76a26c5118c4d96e264acc9e3242d72e1a2b92e739807b3b69d8d47684b6677" + ], + "index": "pypi", + "version": "==1.22.2" }, "oauthlib": { "hashes": [ 
@@ -635,62 +624,44 @@ }, "pillow": { "hashes": [ - "sha256:0412516dcc9de9b0a1e0ae25a280015809de8270f134cc2c1e32c4eeb397cf30", - "sha256:04835e68ef12904bc3e1fd002b33eea0779320d4346082bd5b24bec12ad9c3e9", - "sha256:06d1adaa284696785375fa80a6a8eb309be722cf4ef8949518beb34487a3df71", - "sha256:085a90a99404b859a4b6c3daa42afde17cb3ad3115e44a75f0d7b4a32f06a6c9", - "sha256:0b9911ec70731711c3b6ebcde26caea620cbdd9dcb73c67b0730c8817f24711b", - "sha256:10e00f7336780ca7d3653cf3ac26f068fa11b5a96894ea29a64d3dc4b810d630", - "sha256:11c27e74bab423eb3c9232d97553111cc0be81b74b47165f07ebfdd29d825875", - "sha256:11eb7f98165d56042545c9e6db3ce394ed8b45089a67124298f0473b29cb60b2", - "sha256:13654b521fb98abdecec105ea3fb5ba863d1548c9b58831dd5105bb3873569f1", - "sha256:15ccb81a6ffc57ea0137f9f3ac2737ffa1d11f786244d719639df17476d399a7", - "sha256:18a07a683805d32826c09acfce44a90bf474e6a66ce482b1c7fcd3757d588df3", - "sha256:19ec4cfe4b961edc249b0e04b5618666c23a83bc35842dea2bfd5dfa0157f81b", - "sha256:1c3ff00110835bdda2b1e2b07f4a2548a39744bb7de5946dc8e95517c4fb2ca6", - "sha256:27a330bf7014ee034046db43ccbb05c766aa9e70b8d6c5260bfc38d73103b0ba", - "sha256:2b11c9d310a3522b0fd3c35667914271f570576a0e387701f370eb39d45f08a4", - "sha256:2c661542c6f71dfd9dc82d9d29a8386287e82813b0375b3a02983feac69ef864", - "sha256:2cde7a4d3687f21cffdf5bb171172070bb95e02af448c4c8b2f223d783214056", - "sha256:2d5e9dc0bf1b5d9048a94c48d0813b6c96fccfa4ccf276d9c36308840f40c228", - "sha256:2f23b2d3079522fdf3c09de6517f625f7a964f916c956527bed805ac043799b8", - "sha256:35d27687f027ad25a8d0ef45dd5208ef044c588003cdcedf05afb00dbc5c2deb", - "sha256:35d409030bf3bd05fa66fb5fdedc39c521b397f61ad04309c90444e893d05f7d", - "sha256:4326ea1e2722f3dc00ed77c36d3b5354b8fb7399fb59230249ea6d59cbed90da", - "sha256:4abc247b31a98f29e5224f2d31ef15f86a71f79c7f4d2ac345a5d551d6393073", - "sha256:4d89a2e9219a526401015153c0e9dd48319ea6ab9fe3b066a20aa9aee23d9fd3", - "sha256:4e59e99fd680e2b8b11bbd463f3c9450ab799305d5f2bafb74fefba6ac058616", - 
"sha256:548794f99ff52a73a156771a0402f5e1c35285bd981046a502d7e4793e8facaa", - "sha256:56fd98c8294f57636084f4b076b75f86c57b2a63a8410c0cd172bc93695ee979", - "sha256:59697568a0455764a094585b2551fd76bfd6b959c9f92d4bdec9d0e14616303a", - "sha256:6bff50ba9891be0a004ef48828e012babaaf7da204d81ab9be37480b9020a82b", - "sha256:6cb3dd7f23b044b0737317f892d399f9e2f0b3a02b22b2c692851fb8120d82c6", - "sha256:7dbfbc0020aa1d9bc1b0b8bcf255a7d73f4ad0336f8fd2533fcc54a4ccfb9441", - "sha256:838eb85de6d9307c19c655c726f8d13b8b646f144ca6b3771fa62b711ebf7624", - "sha256:8b68f565a4175e12e68ca900af8910e8fe48aaa48fd3ca853494f384e11c8bcd", - "sha256:8f284dc1695caf71a74f24993b7c7473d77bc760be45f776a2c2f4e04c170550", - "sha256:963ebdc5365d748185fdb06daf2ac758116deecb2277ec5ae98139f93844bc09", - "sha256:a048dad5ed6ad1fad338c02c609b862dfaa921fcd065d747194a6805f91f2196", - "sha256:a1bd983c565f92779be456ece2479840ec39d386007cd4ae83382646293d681b", - "sha256:a66566f8a22561fc1a88dc87606c69b84fa9ce724f99522cf922c801ec68f5c1", - "sha256:bcb04ff12e79b28be6c9988f275e7ab69f01cc2ba319fb3114f87817bb7c74b6", - "sha256:bd24054aaf21e70a51e2a2a5ed1183560d3a69e6f9594a4bfe360a46f94eba83", - "sha256:be25cb93442c6d2f8702c599b51184bd3ccd83adebd08886b682173e09ef0c3f", - "sha256:c691b26283c3a31594683217d746f1dad59a7ae1d4cfc24626d7a064a11197d4", - "sha256:cc9d0dec711c914ed500f1d0d3822868760954dce98dfb0b7382a854aee55d19", - "sha256:ce2e5e04bb86da6187f96d7bab3f93a7877830981b37f0287dd6479e27a10341", - "sha256:ce651ca46d0202c302a535d3047c55a0131a720cf554a578fc1b8a2aff0e7d96", - "sha256:d0c8ebbfd439c37624db98f3877d9ed12c137cadd99dde2d2eae0dab0bbfc355", - "sha256:d675a876b295afa114ca8bf42d7f86b5fb1298e1b6bb9a24405a3f6c8338811c", - "sha256:dde3f3ed8d00c72631bc19cbfff8ad3b6215062a5eed402381ad365f82f0c18c", - "sha256:e5a31c07cea5edbaeb4bdba6f2b87db7d3dc0f446f379d907e51cc70ea375629", - "sha256:f514c2717012859ccb349c97862568fdc0479aad85b0270d6b5a6509dbc142e2", - "sha256:fc0db32f7223b094964e71729c0361f93db43664dd1ec86d3df217853cedda87", 
- "sha256:fd4fd83aa912d7b89b4b4a1580d30e2a4242f3936882a3f433586e5ab97ed0d5", - "sha256:feb5db446e96bfecfec078b943cc07744cc759893cef045aa8b8b6d6aaa8274e" - ], - "index": "pypi", - "version": "==8.3.2" + "sha256:011233e0c42a4a7836498e98c1acf5e744c96a67dd5032a6f666cc1fb97eab97", + "sha256:0f29d831e2151e0b7b39981756d201f7108d3d215896212ffe2e992d06bfe049", + "sha256:12875d118f21cf35604176872447cdb57b07126750a33748bac15e77f90f1f9c", + "sha256:14d4b1341ac07ae07eb2cc682f459bec932a380c3b122f5540432d8977e64eae", + "sha256:1c3c33ac69cf059bbb9d1a71eeaba76781b450bc307e2291f8a4764d779a6b28", + "sha256:1d19397351f73a88904ad1aee421e800fe4bbcd1aeee6435fb62d0a05ccd1030", + "sha256:253e8a302a96df6927310a9d44e6103055e8fb96a6822f8b7f514bb7ef77de56", + "sha256:2632d0f846b7c7600edf53c48f8f9f1e13e62f66a6dbc15191029d950bfed976", + "sha256:335ace1a22325395c4ea88e00ba3dc89ca029bd66bd5a3c382d53e44f0ccd77e", + "sha256:413ce0bbf9fc6278b2d63309dfeefe452835e1c78398efb431bab0672fe9274e", + "sha256:5100b45a4638e3c00e4d2320d3193bdabb2d75e79793af7c3eb139e4f569f16f", + "sha256:514ceac913076feefbeaf89771fd6febde78b0c4c1b23aaeab082c41c694e81b", + "sha256:528a2a692c65dd5cafc130de286030af251d2ee0483a5bf50c9348aefe834e8a", + "sha256:6295f6763749b89c994fcb6d8a7f7ce03c3992e695f89f00b741b4580b199b7e", + "sha256:6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa", + "sha256:718856856ba31f14f13ba885ff13874be7fefc53984d2832458f12c38205f7f7", + "sha256:7f7609a718b177bf171ac93cea9fd2ddc0e03e84d8fa4e887bdfc39671d46b00", + "sha256:80ca33961ced9c63358056bd08403ff866512038883e74f3a4bf88ad3eb66838", + "sha256:80fe64a6deb6fcfdf7b8386f2cf216d329be6f2781f7d90304351811fb591360", + "sha256:81c4b81611e3a3cb30e59b0cf05b888c675f97e3adb2c8672c3154047980726b", + "sha256:855c583f268edde09474b081e3ddcd5cf3b20c12f26e0d434e1386cc5d318e7a", + "sha256:9bfdb82cdfeccec50aad441afc332faf8606dfa5e8efd18a6692b5d6e79f00fd", + "sha256:a5d24e1d674dd9d72c66ad3ea9131322819ff86250b30dc5821cbafcfa0b96b4", + 
"sha256:a9f44cd7e162ac6191491d7249cceb02b8116b0f7e847ee33f739d7cb1ea1f70", + "sha256:b5b3f092fe345c03bca1e0b687dfbb39364b21ebb8ba90e3fa707374b7915204", + "sha256:b9618823bd237c0d2575283f2939655f54d51b4527ec3972907a927acbcc5bfc", + "sha256:cef9c85ccbe9bee00909758936ea841ef12035296c748aaceee535969e27d31b", + "sha256:d21237d0cd37acded35154e29aec853e945950321dd2ffd1a7d86fe686814669", + "sha256:d3c5c79ab7dfce6d88f1ba639b77e77a17ea33a01b07b99840d6ed08031cb2a7", + "sha256:d9d7942b624b04b895cb95af03a23407f17646815495ce4547f0e60e0b06f58e", + "sha256:db6d9fac65bd08cea7f3540b899977c6dee9edad959fa4eaf305940d9cbd861c", + "sha256:ede5af4a2702444a832a800b8eb7f0a7a1c0eed55b644642e049c98d589e5092", + "sha256:effb7749713d5317478bb3acb3f81d9d7c7f86726d41c1facca068a04cf5bb4c", + "sha256:f154d173286a5d1863637a7dcd8c3437bb557520b01bddb0be0258dcb72696b5", + "sha256:f25ed6e28ddf50de7e7ea99d7a976d6a9c415f03adcaac9c41ff6ff41b6d86ac" + ], + "index": "pypi", + "version": "==9.0.1" }, "pipfile": { "hashes": [ diff --git a/doc/Pipfile b/doc/Pipfile index a4dbdff3ef..ad71fe3b5b 100644 --- a/doc/Pipfile +++ b/doc/Pipfile @@ -21,7 +21,7 @@ markupsafe = "==1.1.1" packaging = "==20.1" pyparsing = "==2.4.6" pytz = "==2019.3" -requests = "==2.22.0" +requests = "==2.27.1" six = "==1.14.0" snowballstemmer = "==2.0.0" sphinxcontrib-applehelp = "==1.0.1" @@ -30,4 +30,4 @@ sphinxcontrib-htmlhelp = "==1.0.2" sphinxcontrib-jsmath = "==1.0.1" sphinxcontrib-qthelp = "==1.0.2" sphinxcontrib-serializinghtml = "==1.1.3" -urllib3 = "==1.25.9" +urllib3 = "==1.26.8" diff --git a/doc/Pipfile.lock b/doc/Pipfile.lock index 6ebe8bff18..ec9c4ee8b8 100644 --- a/doc/Pipfile.lock +++ b/doc/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "c1c54c7b8b0a7e3a1ac0f8dca943f0c44d78338d746c56934539b670357eb956" + "sha256": "e6be30b36840cc05c6efbc1a6bc89cba7beefc3f6d9902a62d160b9b8c35f6dc" }, "pipfile-spec": 6, "requires": {}, 
@@ -46,6 +46,14 @@
 "index": "pypi",
 "version": "==3.0.4"
 },
+ "charset-normalizer": {
+ "hashes": [
+ "sha256:2842d8f5e82a1f6aa437380934d5e1cd4fcf2003b06fed6940769c164a480a45",
+ "sha256:98398a9d69ee80548c762ba991a4728bfc3836768ed226b3945908d1a688371c"
+ ],
+ "markers": "python_version >= '3'",
+ "version": "==2.0.11"
+ },
 "docutils": {
 "hashes": [
 "sha256:0c5b78adfbf7762415433f5515cd5c9e762339e23369dbe8000d84a4bf4ab3af",
@@ -170,11 +178,11 @@
 },
 "requests": {
 "hashes": [
- "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
- "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
+ "sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61",
+ "sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d"
 ],
 "index": "pypi",
- "version": "==2.22.0"
+ "version": "==2.27.1"
 },
 "setuptools": {
 "hashes": [
@@ -266,11 +274,11 @@
 },
 "urllib3": {
 "hashes": [
- "sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527",
- "sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115"
+ "sha256:000ca7f471a233c2251c6c7023ee85305721bfdf18621ebff4fd17a8653427ed",
+ "sha256:0e7c33d9a63e7ddfcb86780aac87befc2fbddf46c58dbb487e0855f7ceec283c"
 ],
 "index": "pypi",
- "version": "==1.25.9"
+ "version": "==1.26.8"
 }
 },
 "develop": {}
diff --git a/doc/pip-cve-ignore b/doc/pip-cve-ignore
index e83eb69674..7e2b2a79cc 100644
--- a/doc/pip-cve-ignore
+++ b/doc/pip-cve-ignore
@@ -1 +1,2 @@
 42194
+44492
diff --git a/docker/qgisserver/pip-cve-ignore b/docker/qgisserver/pip-cve-ignore
new file mode 100644
index 0000000000..b0da27c6ed
--- /dev/null
+++ b/docker/qgisserver/pip-cve-ignore
@@ -0,0 +1 @@
+44492
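Review bot: The two `pip-cve-ignore` hunks (doc/ and the new docker/qgisserver/ file) suppress safety ID 44492 rather than fixing it, and nothing in the change records why. Per the report in the commit message, 44492 is CVE-2022-21668 in the installed pipenv 2021.5.29, where a crafted comment in a requirements file can redirect installs to a different package index; the fix is in pipenv 2022.1.8. If pipenv cannot be upgraded yet, record the justification and a removal condition beside the ID or in the commit description, for example `44492: pipenv CVE-2022-21668, remove once pipenv >= 2022.1.8 is installed` (whether the consumer of this file accepts anything other than bare IDs is not visible here). The same report lists numpy ID 44715 as affecting all versions, so the bump to 1.22.2 presumably does not clear it, and it may need an explicit, documented decision as well.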