Fixed safety issues up to 2024-05-17

Signed-off-by: Andreas Maier <maiera@de.ibm.com>

.safety-policy-install.yml

@@ -48,6 +48,16 @@ security:
             reason: Fixed urllib3 version 1.26.18 requires Python>=3.6 and is used there
         62044:
             reason: Fixed pip version 23.3 requires Python>=3.7 and is used there
+        67599:
+            reason: There is no fixed pip version
+        67884:
+            # TODO: Adjust once we remove stomp-py pinning
+            reason: Fixed stomp-py version 8.1.1 conflicts with our pinning of stomp-py to <7.0.0
+        67894:
+            # TODO: Adjust once we remove stomp-py pinning
+            reason: Fixed stomp-py version 8.1.1 conflicts with our pinning of stomp-py to <7.0.0
+        67895:
+            reason: Fixed idna version 3.7 requires requests>=2.26.0 which requires Python>=3.6 and is used there
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False

dev-requirements.txt

@@ -105,11 +105,11 @@ Babel>=2.9.1; python_version >= '3.8'
 # Issue #2673: Pinning Pylint to <2.7.0 is a circumvention for Pylint issue
 #   https://github.com/PyCQA/pylint/issues/4120 that appears in Pylint 2.7.0.
 #   Pylint 2.10 has fixed the issue.
-pylint>=2.5.2,<2.7.0; python_version == '3.5'
+pylint>=2.6.2,<2.7.0; python_version == '3.5'
 pylint>=2.13.0,<2.14.0; python_version == '3.6'
 pylint>=2.13.0; python_version >= '3.7' and python_version <= '3.10'
 pylint>=2.15.0; python_version >= '3.11'
-astroid>=2.4.0,<2.6.0; python_version == '3.5'
+astroid>=2.4.2,<2.6.0; python_version == '3.5'
 astroid>=2.11.0; python_version >= '3.6' and python_version <= '3.10'
 astroid>=2.12.4; python_version >= '3.11'
 typed-ast>=1.4.0,<1.5.0; python_version >= '3.6' and python_version < '3.8' and implementation_name=='cpython'

docs/changes.rst

@@ -33,6 +33,8 @@ Released: not yet
 
 **Bug fixes:**
 
+* Fixed safety issues up to 2024-05-17.
+
 * In the Github Actions test workflow for Python 3.5, 3.6 and 3.7, changed
   macos-latest back to macos-12 because macos-latest got upgraded from macOS 12
   to macOS 14 which no longer supports these Python versions.

minimum-constraints-install.txt

@@ -33,7 +33,8 @@ wheel==0.38.1; python_version >= '3.7'
 decorator==4.0.11
 pytz==2016.10; python_version <= '3.9'
 pytz==2019.1; python_version >= '3.10'
-requests==2.25.0; python_version <= '3.6'
+requests==2.25.0; python_version <= '3.5'
+requests==2.26.0; python_version == '3.6'
 requests==2.31.0; python_version >= '3.7'
 six==1.14.0; python_version <= '3.9'
 six==1.16.0; python_version >= '3.10'
@@ -77,7 +78,10 @@ certifi==2019.9.11; python_version <= '3.5'
 certifi==2023.07.22; python_version >= '3.6'
 chardet==3.0.3
 docopt==0.6.2
-idna==2.5
+# idna>3 requires using requests >=2.26.0
+idna==2.5; python_version <= '3.5'
+idna==3.7; python_version >= '3.6'
+
 
 # Used by zhmcclient.testutils
 packaging==20.5; python_version <= '3.5'

minimum-constraints.txt

@@ -88,10 +88,10 @@ autodocsumm==0.2.12; python_version >= '3.8'
 Babel==2.9.1; python_version >= '3.8'
 
 # PyLint (no imports, invoked via pylint script):
-pylint==2.5.2; python_version == '3.5'
+pylint==2.6.2; python_version == '3.5'
 pylint==2.13.0; python_version >= '3.6' and python_version <= '3.10'
 pylint==2.15.0; python_version >= '3.11'
-astroid==2.4.0; python_version == '3.5'
+astroid==2.4.2; python_version == '3.5'
 astroid==2.11.0; python_version >= '3.6' and python_version <= '3.10'
 astroid==2.12.4; python_version >= '3.11'
 typed-ast==1.4.0; python_version >= '3.6' and python_version < '3.8' and implementation_name=='cpython'

requirements.txt

@@ -16,7 +16,8 @@ pytz>=2019.1; python_version >= '3.10'
 
 # requests 2.25.0 tolerates urllib3 1.26.5 which is needed on Python 3.10 to
 #   remove ImportWarning in six
-requests>=2.25.0; python_version <= '3.6'
+requests>=2.25.0; python_version <= '3.5'
+requests>=2.26.0; python_version == '3.6'
 requests>=2.31.0; python_version >= '3.7'
 
 # six 1.16.0 removes the ImportWarning raised by Python 3.10