[ANN] U-Boot v2023.07 released

Tom Rini trini at konsulko.com
Tue Jul 11 18:58:20 CEST 2023


On Tue, Jul 11, 2023 at 06:54:42PM +0200, Frank Wunderlich wrote:
> Hi,
> 
> Btw. Githubs dependa-bot reports some security related issues with pythons setup-tools. As far as i see it should only affects tests...as i don't use the tests i cannot say if it breaks anything and so not send a patch in ML.
> 
> maybe this can be done directly in original uboot repo.
> 
> https://github.com/frank-w/u-boot/pull/6
> 
> I hope this way of reporting is ok :)

Yes, thanks for bringing this up. This has been addressed in next (and
now master) with:
commit b1574ddebd34fee83e4c11f9da54b52ba7198fa8
Author: Tom Rini <trini at konsulko.com>
Date:   Tue May 30 15:50:30 2023 -0400

    python: Update requirements.txt for security issues
    
    Per GitHub Dependabot:
    - Use setuptools 65.5.1 to avoid some DoS issue
    - Use requests 2.31.0 to avoid leaking some proxy information
    
    Signed-off-by: Tom Rini <trini at konsulko.com>
    Tested-by: Heinrich Schuchardt <xypron.glpk at gmx.de>

But wasn't merged for the release as the issues themselves are overall
not something U-Boot hits but rather just parts of the frameworks we use
for testing and doc generation.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230711/56afaa0b/attachment.sig>


More information about the U-Boot mailing list