[clang] [llvm] [clang-tools-extra] [mlir] fix vulnerabilities (PR #79697)

via cfe-commits cfe-commits at lists.llvm.org
Sat Jan 27 08:49:54 PST 2024


https://github.com/NxPKG created https://github.com/llvm/llvm-project/pull/79697

[feat: upgrade vscode-languageclient from 8.0.2-next.5 to 9.0.1](https://github.com/llvm/llvm-project/commit/f7b4f61db6016a1a02d775efc1e921fac785e823)
[fix: upgrade chokidar from 3.5.2 to 3.5.3](https://github.com/llvm/llvm-project/commit/a93fe7036c42346b2250afb757ebee5e3afcab31)
[fix: upgrade nan from 2.17.0 to 2.18.0](https://github.com/llvm/llvm-project/commit/c16496fa21ca79f5e98f286bed2265ae11189efb)
[fix: clang/utils/analyzer/requirements.txt to reduce vulnerabilities](https://github.com/llvm/llvm-project/commit/778b996957696d770daf92fd4c205e13f78c0850)
[fix: llvm/utils/git/requirements_formatting.txt to reduce vulnerabili](https://github.com/llvm/llvm-project/commit/040dceee80835841c21eceea1816f26b1ae744f4)
[fix: llvm/utils/git/requirements.txt to reduce vulnerabilities](https://github.com/llvm/llvm-project/commit/1f80440f313dc148813943dcd6c07b1d50d8cb5e)

>From f7b4f61db6016a1a02d775efc1e921fac785e823 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 19 Jan 2024 07:12:22 +0000
Subject: [PATCH 1/6] feat: upgrade vscode-languageclient from 8.0.2-next.5 to
 9.0.1

Snyk has created this PR to upgrade vscode-languageclient from 8.0.2-next.5 to 9.0.1.

See this package in npm:
https://www.npmjs.com/package/vscode-languageclient

See this project in Snyk:
https://app.snyk.io/org/gitaction-log4j/project/a71a1b94-9555-4c53-b459-4ef6c4d3545e?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 mlir/utils/vscode/package-lock.json | 117 +++++++++++++++++++---------
 mlir/utils/vscode/package.json      |   2 +-
 2 files changed, 80 insertions(+), 39 deletions(-)

diff --git a/mlir/utils/vscode/package-lock.json b/mlir/utils/vscode/package-lock.json
index c93f6167c80a1e7..7d573b63fcca1f8 100644
--- a/mlir/utils/vscode/package-lock.json
+++ b/mlir/utils/vscode/package-lock.json
@@ -10,7 +10,7 @@
       "dependencies": {
         "base64-js": "^1.5.1",
         "chokidar": "3.5.2",
-        "vscode-languageclient": "^8.0.2-next.5"
+        "vscode-languageclient": "^9.0.1"
       },
       "devDependencies": {
         "@types/mocha": "^7.0.2",
@@ -279,6 +279,7 @@
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
       "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -509,7 +510,8 @@
     "node_modules/concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
     },
     "node_modules/console-control-strings": {
       "version": "1.1.0",
@@ -1198,6 +1200,7 @@
       "version": "3.0.4",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
       "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
       "dependencies": {
         "brace-expansion": "^1.1.7"
       },
@@ -1881,24 +1884,43 @@
       "dev": true
     },
     "node_modules/vscode-jsonrpc": {
-      "version": "8.0.2-next.1",
-      "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.0.2-next.1.tgz",
-      "integrity": "sha512-sbbvGSWja7NVBLHPGawtgezc8DHYJaP4qfr/AaJiyDapWcSFtHyPtm18+LnYMLTmB7bhOUW/lf5PeeuLpP6bKA==",
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz",
+      "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA==",
       "engines": {
         "node": ">=14.0.0"
       }
     },
     "node_modules/vscode-languageclient": {
-      "version": "8.0.2-next.5",
-      "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-8.0.2-next.5.tgz",
-      "integrity": "sha512-g87RJLHz0XlRyk6DOTbAk4JHcj8CKggXy4JiFL7OlhETkcYzTOR8d+Qdb4GqZr37PDs1Cl21omtTNK5LyR/RQg==",
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-9.0.1.tgz",
+      "integrity": "sha512-JZiimVdvimEuHh5olxhxkht09m3JzUGwggb5eRUkzzJhZ2KjCN0nh55VfiED9oez9DyF8/fz1g1iBV3h+0Z2EA==",
       "dependencies": {
-        "minimatch": "^3.0.4",
-        "semver": "^7.3.5",
-        "vscode-languageserver-protocol": "3.17.2-next.6"
+        "minimatch": "^5.1.0",
+        "semver": "^7.3.7",
+        "vscode-languageserver-protocol": "3.17.5"
       },
       "engines": {
-        "vscode": "^1.67.0"
+        "vscode": "^1.82.0"
+      }
+    },
+    "node_modules/vscode-languageclient/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/vscode-languageclient/node_modules/minimatch": {
+      "version": "5.1.6",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+      "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
       }
     },
     "node_modules/vscode-languageclient/node_modules/semver": {
@@ -1916,18 +1938,18 @@
       }
     },
     "node_modules/vscode-languageserver-protocol": {
-      "version": "3.17.2-next.6",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.2-next.6.tgz",
-      "integrity": "sha512-WtsebNOOkWyNn4oFYoAMPC8Q/ZDoJ/K7Ja53OzTixiitvrl/RpXZETrtzH79R8P5kqCyx6VFBPb6KQILJfkDkA==",
+      "version": "3.17.5",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz",
+      "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==",
       "dependencies": {
-        "vscode-jsonrpc": "8.0.2-next.1",
-        "vscode-languageserver-types": "3.17.2-next.2"
+        "vscode-jsonrpc": "8.2.0",
+        "vscode-languageserver-types": "3.17.5"
       }
     },
     "node_modules/vscode-languageserver-types": {
-      "version": "3.17.2-next.2",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.2-next.2.tgz",
-      "integrity": "sha512-TiAkLABgqkVWdAlC3XlOfdhdjIAdVU4YntPUm9kKGbXr+MGwpVnKz2KZMNBcvG0CFx8Hi8qliL0iq+ndPB720w=="
+      "version": "3.17.5",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz",
+      "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg=="
     },
     "node_modules/vscode-test": {
       "version": "1.6.1",
@@ -2202,6 +2224,7 @@
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
       "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
       "requires": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -2374,7 +2397,8 @@
     "concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
     },
     "console-control-strings": {
       "version": "1.1.0",
@@ -2898,6 +2922,7 @@
       "version": "3.0.4",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
       "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
       "requires": {
         "brace-expansion": "^1.1.7"
       }
@@ -3442,20 +3467,36 @@
       "dev": true
     },
     "vscode-jsonrpc": {
-      "version": "8.0.2-next.1",
-      "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.0.2-next.1.tgz",
-      "integrity": "sha512-sbbvGSWja7NVBLHPGawtgezc8DHYJaP4qfr/AaJiyDapWcSFtHyPtm18+LnYMLTmB7bhOUW/lf5PeeuLpP6bKA=="
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz",
+      "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA=="
     },
     "vscode-languageclient": {
-      "version": "8.0.2-next.5",
-      "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-8.0.2-next.5.tgz",
-      "integrity": "sha512-g87RJLHz0XlRyk6DOTbAk4JHcj8CKggXy4JiFL7OlhETkcYzTOR8d+Qdb4GqZr37PDs1Cl21omtTNK5LyR/RQg==",
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-9.0.1.tgz",
+      "integrity": "sha512-JZiimVdvimEuHh5olxhxkht09m3JzUGwggb5eRUkzzJhZ2KjCN0nh55VfiED9oez9DyF8/fz1g1iBV3h+0Z2EA==",
       "requires": {
-        "minimatch": "^3.0.4",
-        "semver": "^7.3.5",
-        "vscode-languageserver-protocol": "3.17.2-next.6"
+        "minimatch": "^5.1.0",
+        "semver": "^7.3.7",
+        "vscode-languageserver-protocol": "3.17.5"
       },
       "dependencies": {
+        "brace-expansion": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+          "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+          "requires": {
+            "balanced-match": "^1.0.0"
+          }
+        },
+        "minimatch": {
+          "version": "5.1.6",
+          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+          "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+          "requires": {
+            "brace-expansion": "^2.0.1"
+          }
+        },
         "semver": {
           "version": "7.3.7",
           "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
@@ -3467,18 +3508,18 @@
       }
     },
     "vscode-languageserver-protocol": {
-      "version": "3.17.2-next.6",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.2-next.6.tgz",
-      "integrity": "sha512-WtsebNOOkWyNn4oFYoAMPC8Q/ZDoJ/K7Ja53OzTixiitvrl/RpXZETrtzH79R8P5kqCyx6VFBPb6KQILJfkDkA==",
+      "version": "3.17.5",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz",
+      "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==",
       "requires": {
-        "vscode-jsonrpc": "8.0.2-next.1",
-        "vscode-languageserver-types": "3.17.2-next.2"
+        "vscode-jsonrpc": "8.2.0",
+        "vscode-languageserver-types": "3.17.5"
       }
     },
     "vscode-languageserver-types": {
-      "version": "3.17.2-next.2",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.2-next.2.tgz",
-      "integrity": "sha512-TiAkLABgqkVWdAlC3XlOfdhdjIAdVU4YntPUm9kKGbXr+MGwpVnKz2KZMNBcvG0CFx8Hi8qliL0iq+ndPB720w=="
+      "version": "3.17.5",
+      "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz",
+      "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg=="
     },
     "vscode-test": {
       "version": "1.6.1",
diff --git a/mlir/utils/vscode/package.json b/mlir/utils/vscode/package.json
index bd550e2b6e61e24..d7f67d441e55332 100644
--- a/mlir/utils/vscode/package.json
+++ b/mlir/utils/vscode/package.json
@@ -39,7 +39,7 @@
   "dependencies": {
     "base64-js": "^1.5.1",
     "chokidar": "3.5.2",
-    "vscode-languageclient": "^8.0.2-next.5"
+    "vscode-languageclient": "^9.0.1"
   },
   "devDependencies": {
     "@types/mocha": "^7.0.2",
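Review bot: The manifest's own `engines.vscode` floor is not touched by this hunk, yet the lockfile section of the same patch records that vscode-languageclient 9.0.1 requires `"vscode": "^1.82.0"` (previously `^1.67.0`). If package.json still declares an older floor, the extension can be installed on hosts the new client does not support; raise it in the same commit, e.g. `"vscode": "^1.82.0"` under `engines`. This is also a major-version jump labelled `feat:` with no advisory cited, so it should be built and tested like any API-breaking upgrade rather than merged as a security fix. The `dependencies` object starts before the hunk and the file continues past it.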

>From a93fe7036c42346b2250afb757ebee5e3afcab31 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 19 Jan 2024 07:12:27 +0000
Subject: [PATCH 2/6] fix: upgrade chokidar from 3.5.2 to 3.5.3

Snyk has created this PR to upgrade chokidar from 3.5.2 to 3.5.3.

See this package in npm:
https://www.npmjs.com/package/chokidar

See this project in Snyk:
https://app.snyk.io/org/gitaction-log4j/project/a71a1b94-9555-4c53-b459-4ef6c4d3545e?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 mlir/utils/vscode/package-lock.json | 20 +++++++++++++-------
 mlir/utils/vscode/package.json      |  2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/mlir/utils/vscode/package-lock.json b/mlir/utils/vscode/package-lock.json
index c93f6167c80a1e7..c8b39b868191cc1 100644
--- a/mlir/utils/vscode/package-lock.json
+++ b/mlir/utils/vscode/package-lock.json
@@ -9,7 +9,7 @@
       "version": "0.0.11",
       "dependencies": {
         "base64-js": "^1.5.1",
-        "chokidar": "3.5.2",
+        "chokidar": "^3.5.3",
         "vscode-languageclient": "^8.0.2-next.5"
       },
       "devDependencies": {
@@ -430,9 +430,15 @@
       "dev": true
     },
     "node_modules/chokidar": {
-      "version": "3.5.2",
-      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz",
-      "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==",
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+      "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://paulmillr.com/funding/"
+        }
+      ],
       "dependencies": {
         "anymatch": "~3.1.2",
         "braces": "~3.0.2",
@@ -2311,9 +2317,9 @@
       }
     },
     "chokidar": {
-      "version": "3.5.2",
-      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz",
-      "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==",
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+      "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
       "requires": {
         "anymatch": "~3.1.2",
         "braces": "~3.0.2",
diff --git a/mlir/utils/vscode/package.json b/mlir/utils/vscode/package.json
index bd550e2b6e61e24..71eb8a53fd6c1f6 100644
--- a/mlir/utils/vscode/package.json
+++ b/mlir/utils/vscode/package.json
@@ -38,7 +38,7 @@
   },
   "dependencies": {
     "base64-js": "^1.5.1",
-    "chokidar": "3.5.2",
+    "chokidar": "3.5.3",
     "vscode-languageclient": "^8.0.2-next.5"
   },
   "devDependencies": {
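Review bot: The specifier written here, `"chokidar": "3.5.3"`, does not match the one the lockfile section of this same patch records for the root package, `"chokidar": "^3.5.3"`, so the lockfile does not appear to have been produced from this manifest. Decide which form is intended (the exact pin matches the previous `3.5.2` style) and regenerate package-lock.json from it, so that a clean install resolves exactly what was reviewed. Both files in this patch also share their pre-image blob with PATCH 1/6 and still show `^8.0.2-next.5` as context, so the series likely needs rebasing before it applies in order.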

>From c16496fa21ca79f5e98f286bed2265ae11189efb Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 19 Jan 2024 07:31:36 +0000
Subject: [PATCH 3/6] fix: upgrade nan from 2.17.0 to 2.18.0

Snyk has created this PR to upgrade nan from 2.17.0 to 2.18.0.

See this package in npm:
https://www.npmjs.com/package/nan

See this project in Snyk:
https://app.snyk.io/org/gitaction-log4j/project/cdf4c41c-0fad-4cd0-b725-0df4e6e0e297?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 mlir/utils/tree-sitter-mlir/package-lock.json | 8 ++++----
 mlir/utils/tree-sitter-mlir/package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/mlir/utils/tree-sitter-mlir/package-lock.json b/mlir/utils/tree-sitter-mlir/package-lock.json
index 5676fb892f12f22..da495fa05e26591 100644
--- a/mlir/utils/tree-sitter-mlir/package-lock.json
+++ b/mlir/utils/tree-sitter-mlir/package-lock.json
@@ -9,7 +9,7 @@
       "version": "0.0.1",
       "license": "Apache-2.0",
       "dependencies": {
-        "nan": "^2.17.0"
+        "nan": "^2.18.0"
       },
       "devDependencies": {
         "glob": "^8.1.0",
@@ -85,9 +85,9 @@
       }
     },
     "node_modules/nan": {
-      "version": "2.17.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.17.0.tgz",
-      "integrity": "sha512-2ZTgtl0nJsO0KQCjEpxcIr5D+Yv90plTitZt9JBfQvVJDS5seMl3FOvsh3+9CoYWXf/1l5OaZzzF6nDm4cagaQ=="
+      "version": "2.18.0",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.18.0.tgz",
+      "integrity": "sha512-W7tfG7vMOGtD30sHoZSSc/JVYiyDPEyQVso/Zz+/uQd0B0L46gtC+pHha5FFMRpil6fm/AoEcRWyOVi4+E/f8w=="
     },
     "node_modules/once": {
       "version": "1.4.0",
diff --git a/mlir/utils/tree-sitter-mlir/package.json b/mlir/utils/tree-sitter-mlir/package.json
index afb687a38e2b312..dc20eb16e971f95 100644
--- a/mlir/utils/tree-sitter-mlir/package.json
+++ b/mlir/utils/tree-sitter-mlir/package.json
@@ -16,7 +16,7 @@
     "grammar"
   ],
   "dependencies": {
-    "nan": "^2.17.0"
+    "nan": "^2.18.0"
   },
   "devDependencies": {
     "glob": "^8.1.0",

>From 778b996957696d770daf92fd4c205e13f78c0850 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Mon, 22 Jan 2024 06:00:17 +0000
Subject: [PATCH 4/6] fix: clang/utils/analyzer/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
---
 clang/utils/analyzer/requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/clang/utils/analyzer/requirements.txt b/clang/utils/analyzer/requirements.txt
index 8ae8bc88ac19105..98f59631cb85640 100644
--- a/clang/utils/analyzer/requirements.txt
+++ b/clang/utils/analyzer/requirements.txt
@@ -4,3 +4,4 @@ matplotlib
 pandas
 psutil
 seaborn
+pillow>=10.2.0 # not directly required, pinned by Snyk to avoid a vulnerability
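Review bot: `pillow>=10.2.0` is a lower bound, not a pin, although the trailing comment calls it pinned; like the unversioned entries above it, it lets each install resolve a different release. If the goal is only to keep a transitive dependency above the fixed version, a constraints file documents that better than a new top-level requirement. Failing that, the comment should name the advisory the commit message cites, e.g. `pillow>=10.2.0  # transitive; floor for SNYK-PYTHON-PILLOW-6182918`. Also confirm that the Python versions the analyzer scripts support can install that Pillow release.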

>From 040dceee80835841c21eceea1816f26b1ae744f4 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 26 Jan 2024 17:01:31 +0000
Subject: [PATCH 5/6] fix: llvm/utils/git/requirements_formatting.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
---
 llvm/utils/git/requirements_formatting.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/llvm/utils/git/requirements_formatting.txt b/llvm/utils/git/requirements_formatting.txt
index ff744f0d4225f59..13dcd68f908748d 100644
--- a/llvm/utils/git/requirements_formatting.txt
+++ b/llvm/utils/git/requirements_formatting.txt
@@ -18,7 +18,7 @@ charset-normalizer==3.2.0
     # via requests
 click==8.1.7
     # via black
-cryptography==41.0.3
+cryptography==42.0.0
     # via pyjwt
 darker==1.7.2
     # via -r llvm/utils/git/requirements_formatting.txt.in
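Review bot: `cryptography==42.0.0` is edited by hand in what looks like pip-compile output (the `# via` annotations and the `-r llvm/utils/git/requirements_formatting.txt.in` reference), so the new pin cannot be reproduced from the `.in` file and the next regeneration may silently change it. Regenerate the file with an upgrade of that one package instead, so that co-dependent pins are re-resolved together and the result is what the tool would emit. The same applies to the identical edit in llvm/utils/git/requirements.txt in PATCH 6/6, where `cffi==1.15.1` is pinned alongside it; check it against the new release's requirements.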

>From 1f80440f313dc148813943dcd6c07b1d50d8cb5e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Sat, 27 Jan 2024 00:31:34 +0000
Subject: [PATCH 6/6] fix: llvm/utils/git/requirements.txt to reduce
 vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
---
 llvm/utils/git/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/llvm/utils/git/requirements.txt b/llvm/utils/git/requirements.txt
index bed449e6bf9f092..c2b95a6dac135e1 100644
--- a/llvm/utils/git/requirements.txt
+++ b/llvm/utils/git/requirements.txt
@@ -14,7 +14,7 @@ cffi==1.15.1
     #   pynacl
 charset-normalizer==2.1.1
     # via requests
-cryptography==41.0.3
+cryptography==42.0.0
     # via pyjwt
 deprecated==1.2.13
     # via pygithub


