Addressed safety issues up to 2023-11-05

Signed-off-by: Andreas Maier <[email protected]>

.safety-policy.yml

@@ -60,6 +60,8 @@ security:
             reason: Fixed GitPython version 3.1.33 requires Python>=3.7 and is used there
         60841:
             reason: Fixed GitPython version 3.1.35 requires Python>=3.7 and is used there
+        61601:
+            reason: Fixed urllib3 version 1.26.17 requires Python>=3.6 and is used there
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False

docs/changes.rst

@@ -28,8 +28,7 @@ Released: not yet
 
 **Bug fixes:**
 
-* Addressed safety issues from 6+7/2023, by increasing 'requests' to 2.31.0
-  on Python >=3.7, and by increasing other packages only needed for development.
+* Addressed safety issues up to 2023-11-05.
 
 **Enhancements:**
 
@@ -86,8 +85,6 @@ in this version, please update it in your installation.
 * Fixed issue with PyYAML 5.4 installation on Python>=3.10 that fails since
   the recent release of Cython 3.
 
-* Fixed safety issues from 2023-08-27.
-
 * Test: Circumvented a pip-check-reqs issue by excluding its version 2.5.0.
 
 **Enhancements:**

minimum-constraints.txt

@@ -81,7 +81,8 @@ wheel==0.38.1; python_version >= '3.7'
 zhmcclient==1.9.1
 
 prometheus-client==0.9.0
-urllib3==1.26.5
+urllib3==1.26.9; python_version == '3.5'
+urllib3==1.26.17; python_version >= '3.6'
 jsonschema==3.2.0
 six==1.14.0; python_version <= '3.9'
 six==1.16.0; python_version >= '3.10'

requirements.txt

@@ -10,8 +10,9 @@
 zhmcclient>=1.9.1
 
 prometheus-client>=0.9.0
-urllib3>=1.25.9; python_version <= '3.9'
-urllib3>=1.26.5; python_version >= '3.10'
+# urllib3 1.26.10 removed support for py35
+urllib3>=1.26.9; python_version == '3.5'
+urllib3>=1.26.17; python_version >= '3.6'
 jsonschema>=3.2.0
 six>=1.14.0; python_version <= '3.9'
 six>=1.16.0; python_version >= '3.10'