diff --git a/.safety-policy-all.yml b/.safety-policy-all.yml
index 706ad536..e1fa5e22 100644
--- a/.safety-policy-all.yml
+++ b/.safety-policy-all.yml
@@ -34,6 +34,16 @@ security:
 reason: Py package will no longer be fixed (latest version 1.11.0)
 64227:
 reason: Fixed Jinja2 version 3.1.3 requires Python>=3.7 and is used there
+ 68477:
+ reason: Fixed virtualenv version 20.21.0 requires Python>=3.7 and is used there
+ 70612:
+ reason: Safety issue and CVE do not list a fixed version of Jinja2
+ 70790:
+ reason: Fixed tqdm version 4.66.3 requires Python>=3.7 and is used there
+ 71591:
+ reason: Fixed Jinja2 version 3.1.4 requires Python>=3.7 and is used there
+ 71636:
+ reason: Fixed authlib version 1.3.1 requires Python>=3.8 and is used there
 # Continue with exit code 0 when vulnerabilities are found.
 continue-on-vulnerability-error: False
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 72e496fb..0409ac8c 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -47,7 +47,8 @@ importlib-metadata>=4.8.3,<5; python_version >= '3.7'
 # packaging is used by pytest, pip-check-reqs, sphinx
 # packaging>=20.5 is needed by pip-check-reqs 2.4.3 but it requires only packaging>=16.0
 # packaging 22.0 removed support for py36
-packaging>=21.0,<22.0
+packaging>=21.0,<22.0; python_version == '3.6'
+packaging>=22.0; python_version >= '3.7'
 colorama>=0.4.5
diff --git a/docs/changes.rst b/docs/changes.rst
index dd72f1a7..356b2511 100644
--- a/docs/changes.rst
+++ b/docs/changes.rst
@@ -31,7 +31,7 @@ Released: not yet
 **Bug fixes:**
-* Addressed safety issues up to 2024-06-23.
+* Addressed safety issues up to 2024-07-21.
 **Enhancements:**
diff --git a/minimum-constraints-install.txt b/minimum-constraints-install.txt
index d1c62f3f..6d812d05 100644
--- a/minimum-constraints-install.txt
+++ b/minimum-constraints-install.txt
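Review bot: The lines added to .safety-policy-all.yml ignore issues 68477, 70612, 70790, 71591 and 71636 with no end date, and as far as this hunk shows each ignore is keyed only on the issue ID, so it also hides these findings on Python versions where the fixed release is installable. Safety's policy format accepts an `expires:` key next to `reason:`; adding `expires: 'YYYY-MM-DD'` (placeholder date) would make the finding reappear once the date passes, which matters most for 70612, whose only justification is that no fixed Jinja2 version is listed. The minimum-constraints.txt hunks in this commit raise Jinja2 and Authlib, but none of the visible hunks touches virtualenv or tqdm, so confirm that the existing pins already meet 20.21.0 and 4.66.3 on Python>=3.7 as the new reasons state.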
@@ -53,7 +53,7 @@ jsonschema==3.0.1
 yamlloader==0.5.5
 # urllib3 is used to disable warnings
-urllib3==1.26.18
+urllib3==1.26.19
 # Indirect dependencies for install that are needed for some reason (must be consistent with requirements.txt)
diff --git a/minimum-constraints.txt b/minimum-constraints.txt
index fb2e2e59..faa4556e 100644
--- a/minimum-constraints.txt
+++ b/minimum-constraints.txt
@@ -40,7 +40,8 @@ safety-schemas==0.0.1; python_version >= '3.7'
 dparse==0.6.4b0; python_version >= '3.7'
 ruamel.yaml==0.17.21; python_version >= '3.7'
 click==8.0.2; python_version >= '3.7'
-Authlib==1.2.0; python_version >= '3.7'
+Authlib==1.2.0; python_version == '3.7'
+Authlib==1.3.1; python_version >= '3.8'
 marshmallow==3.15.0; python_version >= '3.7'
 pydantic==1.10.13; python_version >= '3.7'
 typer==0.12.0; python_version >= '3.7'
@@ -54,7 +55,8 @@ pytest==6.2.5; python_version >= '3.10'
 importlib-metadata==2.1.3; python_version == '3.6'
 importlib-metadata==4.8.3; python_version >= '3.7'
-packaging==21.0
+packaging==21.0; python_version == '3.6'
+packaging==22.0; python_version >= '3.7'
 # Coverage reporting (no imports, invoked via coveralls script):
 coverage==5.5
@@ -149,7 +151,7 @@ imagesize==1.3.0
 importlib-resources==1.4.0
 iniconfig==2.0.0 # used by pytest since its 6.0.0 which requires py36
 Jinja2==3.0.3; python_version == '3.6'
-Jinja2==3.1.3; python_version >= '3.7'
+Jinja2==3.1.4; python_version >= '3.7'
 keyring==17.0.0
 MarkupSafe==2.0.0
 more-itertools==5.0.0
diff --git a/requirements.txt b/requirements.txt
index e88a1922..00641478 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -38,7 +38,7 @@ PyYAML>=5.3.1,!=5.4.0,!=5.4.1,!=6.0.0; python_version >= '3.12'
 jsonschema>=3.0.1
 yamlloader>=0.5.5
-urllib3>=1.26.18
+urllib3>=1.26.19
 # Indirect dependencies for install that are needed for some reason (must be consistent with minimum-constraints-install.txt)
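Review bot: In the first minimum-constraints.txt hunk, Python 3.7 stays on `Authlib==1.2.0`, which by the wording of the 71636 policy reason is below the fixed 1.3.1, and the pin carries no comment saying this is deliberate. A line above the split such as `# Authlib 1.3.1 requires Python>=3.8; Python 3.7 stays on 1.2.0 (safety issue 71636 is ignored for this)` would tie the pin to the policy entry, so both are removed together when Python 3.7 support ends.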