From 1c3ec193fbf88e898ce6b0b94f4afa4f187ad4dd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 13 Nov 2021 23:52:58 +0000 Subject: [PATCH 01/17] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 08c7602..1d8f902 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,7 +5,7 @@ progress==1.5 prompt-toolkit==1.0.15 SelectMenu pyfiglet==0.8.post1 -PyYAML==5.3.1 +PyYAML==5.4 requests==2.24.0 urllib3==1.25.10 websocket-client==0.53.0 From 05834ff4289d832b9ce2a85cc36f3ae20632b547 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 14 Nov 2021 14:41:03 +0000 Subject: [PATCH 02/17] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 - https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1075326 - https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569403 - https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569406 - https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-567125 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f2912a6..5dc0034 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.8.0-slim as builder +FROM python:3.9.7-slim as builder RUN apt-get update -y \ && apt-get clean -y WORKDIR /kubestrike @@ -7,7 +7,7 @@ RUN pip install --upgrade pip \ && pip install kubestrike -FROM python:3.8.0-slim +FROM python:3.9.7-slim LABEL maintainer="vasant kumar chinnipilli" COPY --from=builder /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages COPY --from=builder /kubestrike /kubestrike From 85345d96565d44ebb9937521c3bc84308dc42646 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 14 Nov 2021 16:02:57 +0000 Subject: [PATCH 03/17] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435 --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 08c7602..6f323d3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,7 +5,7 @@ progress==1.5 prompt-toolkit==1.0.15 SelectMenu pyfiglet==0.8.post1 -PyYAML==5.3.1 +PyYAML==5.4 requests==2.24.0 -urllib3==1.25.10 +urllib3==1.26.5 websocket-client==0.53.0 From eb0aa8815248bbfa62e0d59f90c0d129ffa5a421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:04:25 -0500 Subject: [PATCH 04/17] Create SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..034e848 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From 6bb6092a50417c59aa365bfe8081c90528031c8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:04:49 -0500 Subject: [PATCH 05/17] Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 70 +++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..1f039ee --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,70 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '44 23 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://git.io/codeql-language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 16946f54fe77c3a44c747f590d6824ea93063b34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:05:00 -0500 Subject: [PATCH 06/17] Create anchore-analysis.yml --- .github/workflows/anchore-analysis.yml | 34 ++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/anchore-analysis.yml diff --git a/.github/workflows/anchore-analysis.yml b/.github/workflows/anchore-analysis.yml new file mode 100644 index 0000000..6c0221d --- /dev/null +++ b/.github/workflows/anchore-analysis.yml @@ -0,0 +1,34 @@ +# This workflow checks out code, builds an image, performs a container image +# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security +# code scanning feature. For more information on the Anchore scan action usage +# and parameters, see https://github.com/anchore/scan-action. For more +# information on Anchore's container image scanning tool Grype, see +# https://github.com/anchore/grype +name: Anchore Container Scan + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '17 18 * * 0' + +jobs: + Anchore-Build-Scan: + runs-on: ubuntu-latest + steps: + - name: Checkout the code + uses: actions/checkout@v2 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag localbuild/testimage:latest + - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled + uses: anchore/scan-action@main + with: + image: "localbuild/testimage:latest" + acs-report-enable: true + - name: Upload Anchore Scan Report + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: results.sarif From 8d0cc959d12cd914b106e27667418500712acabc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:05:18 -0500 Subject: [PATCH 07/17] Create kubesec-analysis.yml --- .github/workflows/kubesec-analysis.yml | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/kubesec-analysis.yml diff --git a/.github/workflows/kubesec-analysis.yml b/.github/workflows/kubesec-analysis.yml new file mode 100644 index 0000000..c76a0bd --- /dev/null +++ b/.github/workflows/kubesec-analysis.yml @@ -0,0 +1,41 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Kubesec + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '37 17 * * 5' + +jobs: + lint: + name: Kubesec + runs-on: ubuntu-20.04 + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run kubesec scanner + uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14 + with: + input: file.yaml # specify configuration file to scan here + format: template + template: template/sarif.tpl + output: kubesec-results.sarif + exit-code: "0" + + - name: Upload Kubesec scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: kubesec-results.sarif From 26de9ede8d43f3c9d2cf320c2a6ad76ea7df672e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:05:26 -0500 Subject: [PATCH 08/17] Create semgrep-analysis.yml --- .github/workflows/semgrep-analysis.yml | 37 ++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/semgrep-analysis.yml diff --git a/.github/workflows/semgrep-analysis.yml b/.github/workflows/semgrep-analysis.yml new file mode 100644 index 0000000..cc1fc0c --- /dev/null +++ b/.github/workflows/semgrep-analysis.yml @@ -0,0 +1,37 @@ +# This workflow file requires a free account on Semgrep.dev to +# manage rules, file ignores, notifications, and more. +# +# See https://semgrep.dev/docs + +name: Semgrep + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '16 16 * * 4' + +jobs: + semgrep: + name: Scan + runs-on: ubuntu-latest + steps: + # Checkout project source + - uses: actions/checkout@v2 + + # Scan code using project's configuration on https://semgrep.dev/manage + - uses: returntocorp/semgrep-action@v1 + with: + publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} + publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }} + generateSarif: "1" + + # Upload SARIF file generated in previous step + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: semgrep.sarif + if: always() From 8ccec1766a1fc00ad464f58a9859b52a348f32e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:05:34 -0500 Subject: [PATCH 09/17] Create snyk-container-analysis.yml --- .github/workflows/snyk-container-analysis.yml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/workflows/snyk-container-analysis.yml diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml new file mode 100644 index 0000000..05c8cf3 --- /dev/null +++ b/.github/workflows/snyk-container-analysis.yml @@ -0,0 +1,43 @@ +# A sample workflow which checks out the code, builds a container +# image using Docker and scans that image for vulnerabilities using +# Snyk. The results are then uploaded to GitHub Security Code Scanning +# +# For more examples, including how to limit scans to only high-severity +# issues, monitor images for newly disclosed vulnerabilities in Snyk and +# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/ + +name: Snyk Container + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '27 4 * * 4' + +jobs: + snyk: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Build a Docker image + run: docker build -t your/image-to-test . + - name: Run Snyk to check Docker image for vulnerabilities + # Snyk can be used to break the build when it detects vulnerabilities. + # In this case we want to upload the issues to GitHub Code Scanning + continue-on-error: true + uses: snyk/actions/docker@master + env: + # In order to use the Snyk Action you will need to have a Snyk API token. + # More details in https://github.com/snyk/actions#getting-your-snyk-token + # or you can signup for free at https://snyk.io/login + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: your/image-to-test + args: --file=Dockerfile + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: snyk.sarif From 8de8e9f0eef6513b829bb104a34f5941a4904f6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:05:41 -0500 Subject: [PATCH 10/17] Create snyk-infrastructure-analysis.yml --- .../snyk-infrastructure-analysis.yml | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/snyk-infrastructure-analysis.yml diff --git a/.github/workflows/snyk-infrastructure-analysis.yml b/.github/workflows/snyk-infrastructure-analysis.yml new file mode 100644 index 0000000..eba6fb3 --- /dev/null +++ b/.github/workflows/snyk-infrastructure-analysis.yml @@ -0,0 +1,42 @@ +# A sample workflow which checks out your Infrastructure as Code Configuration files, +# such as Kubernetes, Helm & Terraform and scans them for any security issues. +# The results are then uploaded to GitHub Security Code Scanning +# +# For more examples, including how to limit scans to only high-severity issues +# and fail PR checks, see https://github.com/snyk/actions/ + +name: Snyk Infrastructure as Code + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '36 8 * * 2' + +jobs: + snyk: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Run Snyk to check configuration files for security issues + # Snyk can be used to break the build when it detects security issues. + # In this case we want to upload the issues to GitHub Code Scanning + continue-on-error: true + uses: snyk/actions/iac@master + env: + # In order to use the Snyk Action you will need to have a Snyk API token. + # More details in https://github.com/snyk/actions#getting-your-snyk-token + # or you can signup for free at https://snyk.io/login + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + # Add the path to the configuration file that you would like to test. + # For example `deployment.yaml` for a Kubernetes deployment manifest + # or `main.tf` for a Terraform configuration file + file: your-file-to-test.yaml + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: snyk.sarif From 228facf04da1ba5c926373ccd5b426fb8d0575bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?= <32862241+4k4xs4pH1r3@users.noreply.github.com> Date: Sun, 14 Nov 2021 11:05:51 -0500 Subject: [PATCH 11/17] Create trivy-analysis.yml --- .github/workflows/trivy-analysis.yml | 36 ++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/trivy-analysis.yml diff --git a/.github/workflows/trivy-analysis.yml b/.github/workflows/trivy-analysis.yml new file mode 100644 index 0000000..cc44fbc --- /dev/null +++ b/.github/workflows/trivy-analysis.yml @@ -0,0 +1,36 @@ +name: build + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '21 10 * * 3' + +jobs: + build: + name: Build + runs-on: "ubuntu-18.04" + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Build an image from Dockerfile + run: | + docker build -t docker.io/my-organization/my-app:${{ github.sha }} . + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' + format: 'template' + template: '@/contrib/sarif.tpl' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: 'trivy-results.sarif' From ed15563161bc8f8d1055852384879fe979c97a8d Mon Sep 17 00:00:00 2001 From: "whitesource-bolt-for-github[bot]" <42819689+whitesource-bolt-for-github[bot]@users.noreply.github.com> Date: Thu, 30 Dec 2021 08:06:16 +0000 Subject: [PATCH 12/17] Add .whitesource configuration file --- .whitesource | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .whitesource diff --git a/.whitesource b/.whitesource new file mode 100644 index 0000000..55b922e --- /dev/null +++ b/.whitesource @@ -0,0 +1,12 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff" + }, + "issueSettings": { + "minSeverityLevel": "LOW" + } +} \ No newline at end of file From ba00fdda5187c76023b853721f1888af1b1c06dd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 2 Feb 2022 04:34:12 +0000 Subject: [PATCH 13/17] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-2384928 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5dc0034..f82ddd4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.9.7-slim as builder +FROM python:3.10.1-slim as builder RUN apt-get update -y \ && apt-get clean -y WORKDIR /kubestrike @@ -7,7 +7,7 @@ RUN pip install --upgrade pip \ && pip install kubestrike -FROM python:3.9.7-slim +FROM python:3.10.1-slim LABEL maintainer="vasant kumar chinnipilli" COPY --from=builder /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages COPY --from=builder /kubestrike /kubestrike From 47a83920066484b1a459dfc593fe71b3d431ace0 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 2 Feb 2022 04:36:49 +0000 Subject: [PATCH 14/17] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-2384928 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f82ddd4..aacc0fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.10.1-slim as builder +FROM python:3.11-rc-slim as builder RUN apt-get update -y \ && apt-get clean -y WORKDIR /kubestrike @@ -7,7 +7,7 @@ RUN pip install --upgrade pip \ && pip install kubestrike -FROM python:3.10.1-slim +FROM python:3.11-rc-slim LABEL maintainer="vasant kumar chinnipilli" COPY --from=builder /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages COPY --from=builder /kubestrike /kubestrike From c6de418dff243723886dfc2c2da5d9327ece66d5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 2 Feb 2022 04:37:23 +0000 Subject: [PATCH 15/17] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-2384928 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922 - https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922 From d1e932df6657a08fdfb71e2c3c9d5ccab6ed868d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 00:24:14 +0000 Subject: [PATCH 16/17] Bump requests from 2.24.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.24.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.24.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 6f323d3..04cd91c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,6 +6,6 @@ prompt-toolkit==1.0.15 SelectMenu pyfiglet==0.8.post1 PyYAML==5.4 -requests==2.24.0 +requests==2.31.0 urllib3==1.26.5 websocket-client==0.53.0 From 8b09b88a41b436b934875496a2de3701fb4b9225 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Oct 2023 01:56:49 +0000 Subject: [PATCH 17/17] Bump urllib3 from 1.26.5 to 1.26.18 Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to 1.26.18. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.5...1.26.18) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 04cd91c..0aa9fda 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,5 +7,5 @@ SelectMenu pyfiglet==0.8.post1 PyYAML==5.4 requests==2.31.0 -urllib3==1.26.5 +urllib3==1.26.18 websocket-client==0.53.0