[all-commits] [llvm/llvm-project] 00e362: Generate a new requirements.txt to fix CVEs (#90109)

Joyce via All-commits all-commits at lists.llvm.org
Fri May 10 12:06:16 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 00e3620a0e7ceb8ab1c0cae303e40ad2528fdebe
      https://github.com/llvm/llvm-project/commit/00e3620a0e7ceb8ab1c0cae303e40ad2528fdebe
  Author: Joyce <joycebrum at google.com>
  Date:   2024-05-10 (Fri, 10 May 2024)

  Changed paths:
    M llvm/utils/git/requirements.txt
    M llvm/utils/git/requirements_formatting.txt

  Log Message:
  -----------
  Generate a new requirements.txt to fix CVEs (#90109)

Hi! Here is a patch for #81859 that fix the vulnerabilities found in
gitpython, cryptography, urllib3 and requests.

I have just regenerated the requirements.txt files running pip-compile
again. Fortunately, this was enough to set all the dependencies on safe
versions.

I have also checked if new vulnerabilities were introduced by running
scorecard on my fork, but none has been introduced.

Thanks!

Signed-off-by: Joyce Brum <joycebrum at google.com>



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications


More information about the All-commits mailing list