[ANN] U-Boot v2023.07 released
Tom Rini
trini at konsulko.com
Tue Jul 11 18:58:20 CEST 2023
On Tue, Jul 11, 2023 at 06:54:42PM +0200, Frank Wunderlich wrote:
> Hi,
>
> Btw. Githubs dependa-bot reports some security related issues with pythons setup-tools. As far as i see it should only affects tests...as i don't use the tests i cannot say if it breaks anything and so not send a patch in ML.
>
> maybe this can be done directly in original uboot repo.
>
> https://github.com/frank-w/u-boot/pull/6
>
> I hope this way of reporting is ok :)
Yes, thanks for bringing this up. This has been addressed in next (and
now master) with:
commit b1574ddebd34fee83e4c11f9da54b52ba7198fa8
Author: Tom Rini <trini at konsulko.com>
Date: Tue May 30 15:50:30 2023 -0400
python: Update requirements.txt for security issues
Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information
Signed-off-by: Tom Rini <trini at konsulko.com>
Tested-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
But wasn't merged for the release as the issues themselves are overall
not something U-Boot hits but rather just parts of the frameworks we use
for testing and doc generation.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230711/56afaa0b/attachment.sig>
More information about the U-Boot
mailing list