[PATCH 1/1] python: Update requirements.txt for security issues
Heinrich Schuchardt
xypron.glpk at gmx.de
Wed May 31 09:53:51 CEST 2023
On 5/30/23 21:50, Tom Rini wrote:
> Per GitHub Dependabot:
> - Use setuptools 65.5.1 to avoid some DoS issue
> - Use requests 2.31.0 to avoid leaking some proxy information
>
> Signed-off-by: Tom Rini <trini at konsulko.com>
Documentation builds fine with the patch.
Tested-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> ---
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> ---
> doc/sphinx/requirements.txt | 2 +-
> test/py/requirements.txt | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt
> index f9f6cc6e928b..aed449211711 100644
> --- a/doc/sphinx/requirements.txt
> +++ b/doc/sphinx/requirements.txt
> @@ -11,7 +11,7 @@ packaging==21.3
> Pygments==2.11.2
> pyparsing==3.0.7
> pytz==2022.1
> -requests==2.27.1
> +requests==2.31.0
> six==1.16.0
> snowballstemmer==2.2.0
> Sphinx==3.4.3
> diff --git a/test/py/requirements.txt b/test/py/requirements.txt
> index 86d6266053fd..f7e76bdb9181 100644
> --- a/test/py/requirements.txt
> +++ b/test/py/requirements.txt
> @@ -20,8 +20,8 @@ pytest==6.2.5
> pytest-xdist==2.5.0
> python-mimeparse==1.6.0
> python-subunit==1.3.0
> -requests==2.27.1
> -setuptools==58.3.0
> +requests==2.31.0
> +setuptools==65.5.1
> six==1.16.0
> testtools==2.3.0
> traceback2==1.4.0
More information about the U-Boot
mailing list