From ad14538b65768eb8ca473cea468c5c66e0ae4904 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Mar 2021 21:38:48 +0000 Subject: [PATCH 1/5] Bump pyyaml from 5.1 to 5.4 Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.1 to 5.4. - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/5.1...5.4) Signed-off-by: dependabot[bot] --- requirements_dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements_dev.txt b/requirements_dev.txt index d629c83..2b32612 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -9,4 +9,4 @@ Sphinx==1.3.1 cryptography==3.3.2 tabulate==0.8.2 configparser -PyYAML==5.1 +PyYAML==5.4 From f063c08ecae1625a689647af803e7d24b0dd98cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Dec 2022 19:44:35 +0000 Subject: [PATCH 2/5] Bump wheel from 0.23.0 to 0.38.1 Bumps [wheel](https://github.com/pypa/wheel) from 0.23.0 to 0.38.1. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](https://github.com/pypa/wheel/compare/0.23.0...0.38.1) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- requirements_dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements_dev.txt b/requirements_dev.txt index d629c83..312aadf 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -1,6 +1,6 @@ -e git+https://github.com/transientlunatic/sphinx-daniel-theme.git#egg=sphinx-daniel-theme bumpversion==0.5.3 -wheel==0.23.0 +wheel==0.38.1 watchdog==0.8.3 flake8==2.4.1 tox==2.1.1 From 71ffd8c73e13c9c38fe6969c415abcccbbfc7a03 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 10 Jul 2024 08:49:31 +0000 Subject: [PATCH 3/5] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899 --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 63bf660..eedb311 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,3 +4,4 @@ markdown pyyaml matplotlib configparser +zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability From 0e5c097c26921804e4ccfa338544b40464ab3ac3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:23:33 +0000 Subject: [PATCH 4/5] Bump cryptography from 3.3.2 to 42.0.4 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.3.2 to 42.0.4. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.3.2...42.0.4) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- requirements_dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements_dev.txt b/requirements_dev.txt index 2b32612..4faf643 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -6,7 +6,7 @@ flake8==2.4.1 tox==2.1.1 coverage==4.0 Sphinx==1.3.1 -cryptography==3.3.2 +cryptography==42.0.4 tabulate==0.8.2 configparser PyYAML==5.4 From 7ee568edeada3be07f649cf626d8cc3a07518e56 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 20 Aug 2024 15:24:33 +0000 Subject: [PATCH 5/5] fix: requirements_dev.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767 --- requirements_dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements_dev.txt b/requirements_dev.txt index 4faf643..4667ee6 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -6,7 +6,7 @@ flake8==2.4.1 tox==2.1.1 coverage==4.0 Sphinx==1.3.1 -cryptography==42.0.4 +cryptography==42.0.6 tabulate==0.8.2 configparser PyYAML==5.4