<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/81859>81859</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Security vulnerabilities in 18.1.0-rc2
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          vogelsgesang
      </td>
    </tr>
</table>

<pre>
    An automated security scan of 18.1.0-rc2 complained about the following dependencies:

* llvm/utils/git/requirements.txt
  * gitpython==3.1.32 [CVE-2023-40590](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40590) [CVE-2023-41040](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41040) [CVE-2024-22190](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22190)
 * cryptography==41.0.3 [CVE-2023-4807](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4807)[CVE-2023-49083](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49083) [CVE-2023-50782](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50782)
 * urllib3==1.26.12 [CVE-2023-43804](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43804) [CVE-2023-45803](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45803)
 * requests==2.28.1 [CVE-2023-32681](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32681)
* third-party/benchmark/requirements.txt
  * numpy==1.19.4 [CVE-2021-34141](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34141) [CVE-2021-41495](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41495) [CVE-2021-41496](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41496)
 * pandas==1.1.5 [CVE-2020-13091](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13091)
 * scipy==1.5.4 [CVE-2018-1999024](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1999024)
* mlir/utils/vscode/package-lock.json
  * semver:7.3.7 [CVE-2022-25883](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25883)
 * minimatch [Sonatype CWE 1333](https://cwe.mitre.org/data/definitions/1333.html)
* llvm/docs/requirements.txt
  * sphinx-bootstrap-theme==0.8.1 [CVE-2019-11358](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358) [CVE-2020-11023](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023) [CVE-2020-23064](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23064) [CVE-2020-11022](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022)
 
This is the follow-up from #64417 for the 18.1.0 release

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJy0Vs2uozgTfRqzsbD8RwILFrc7Helb96eZtYEKuK-xGdsknbcfAZe-ELXUG2YTFEGdc-pUlV0qBN1agBJlX1B2SdQYO-fLu2vBhBaCsm1SueZZvlmsxuh6FaHBAerR6_jEoVYWuxtmOWGEpr7muHb9YJS20GBVuTHi2AG-OWPcQ9sWNzCAbcDWGgISb4heEF1_-Rs25t4jfh2jNgHxa6sj4lcP_4zaQw82BhJ_xuVzjKeAVsfhGTtnkbggcRGEEcExyr58_etbyikXqaRZQVF2QTzvYhwmUn5F_PqAith7Q6wOkbTujvj1ruExPUZjEb82EJU2SMz__9cgcXnB5MWeiFF5ONGMuSOSKefs4IxWTF58eDtZW_vnEF3r1dA9F3clI5SIfdI5PR-d8wTJix1LQXNxNM2M-VLDjJ5zfjDRgrmzdvTG6EosrjLCT4S9NK3IqTw64RnztWmznB7u7Iy5S3gaYQgxLBlzwnPCdjoEP-XsYB0L5qpjkhE77Zt0UD4-Eb9WYOuuV_79D2eMHfvhudaKFURulLNUSCaPVb5i7krFUslkkR1MtGD-huj0HxCd9j0xKNuo8MtXkm1E0JQJWhxr64q5ExFq_VnbbFtalqesKArKD53DDeq2MXuj_ebeu4faNYD4dVD1u2ohNa5-Jz-Cs9u-DNDfwSPxdiaCnDfu8ZRn-cEH5oq5c6_XVvcq1t1E_t1ZFZ8D4K9_f8NMiA1_-CWgfgDpdfRAnG8nPhXVTHvTVkft7JT-FEy62JudRx-7QePq8IeBDUOn7c-0ci6G6NWQxg56WKpMye7oYUXKmMjyQ2u8Yu7miqaMUX5sUVbMFyIu6OnY22PF_E1Gx16XK-Znm82P_3c6YB02y2Q6DvjmXY8RFycp2RnfnJ_fL8so9mBABVjik6YUTSEKlUDJzjSnVMrinHQlkxIKpW5Ab0VVw4ndQOSZynkh-EnmTaLLaT-inGVMSCbOpDnnQDNBK57Jk7xVSFLolTZk6s-pqxMdwghlzvKsSIyqwIR5vebcwgPPL9HsWuLLKSatxjYgSY0OMXyiRB0NlN_XVXsyCryqtNFRQ8DabrbuZPSm3A9aq2M3VqR208x8jM7MNnj3A-ppr56lTLM0S_03AAD__2GBfg8">