[clang] [clang-tools-extra] [libcxx] [libc] [compiler-rt] [llvm] [mlir] [flang] [lldb] [lld] fix vulnerabilities (PR #79697)
via llvm-commits
llvm-commits at lists.llvm.org
Tue Feb 6 09:05:01 PST 2024
https://github.com/gitworkflows updated https://github.com/llvm/llvm-project/pull/79697
>From f7b4f61db6016a1a02d775efc1e921fac785e823 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 19 Jan 2024 07:12:22 +0000
Subject: [PATCH 1/6] feat: upgrade vscode-languageclient from 8.0.2-next.5 to
9.0.1
Snyk has created this PR to upgrade vscode-languageclient from 8.0.2-next.5 to 9.0.1.
See this package in npm:
https://www.npmjs.com/package/vscode-languageclient
See this project in Snyk:
https://app.snyk.io/org/gitaction-log4j/project/a71a1b94-9555-4c53-b459-4ef6c4d3545e?utm_source=github&utm_medium=referral&page=upgrade-pr
---
mlir/utils/vscode/package-lock.json | 117 +++++++++++++++++++---------
mlir/utils/vscode/package.json | 2 +-
2 files changed, 80 insertions(+), 39 deletions(-)
diff --git a/mlir/utils/vscode/package-lock.json b/mlir/utils/vscode/package-lock.json
index c93f6167c80a1..7d573b63fcca1 100644
--- a/mlir/utils/vscode/package-lock.json
+++ b/mlir/utils/vscode/package-lock.json
@@ -10,7 +10,7 @@
"dependencies": {
"base64-js": "^1.5.1",
"chokidar": "3.5.2",
- "vscode-languageclient": "^8.0.2-next.5"
+ "vscode-languageclient": "^9.0.1"
},
"devDependencies": {
"@types/mocha": "^7.0.2",
@@ -279,6 +279,7 @@
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+ "dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -509,7 +510,8 @@
"node_modules/concat-map": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
- "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+ "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+ "dev": true
},
"node_modules/console-control-strings": {
"version": "1.1.0",
@@ -1198,6 +1200,7 @@
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
"integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+ "dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -1881,24 +1884,43 @@
"dev": true
},
"node_modules/vscode-jsonrpc": {
- "version": "8.0.2-next.1",
- "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.0.2-next.1.tgz",
- "integrity": "sha512-sbbvGSWja7NVBLHPGawtgezc8DHYJaP4qfr/AaJiyDapWcSFtHyPtm18+LnYMLTmB7bhOUW/lf5PeeuLpP6bKA==",
+ "version": "8.2.0",
+ "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz",
+ "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA==",
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/vscode-languageclient": {
- "version": "8.0.2-next.5",
- "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-8.0.2-next.5.tgz",
- "integrity": "sha512-g87RJLHz0XlRyk6DOTbAk4JHcj8CKggXy4JiFL7OlhETkcYzTOR8d+Qdb4GqZr37PDs1Cl21omtTNK5LyR/RQg==",
+ "version": "9.0.1",
+ "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-9.0.1.tgz",
+ "integrity": "sha512-JZiimVdvimEuHh5olxhxkht09m3JzUGwggb5eRUkzzJhZ2KjCN0nh55VfiED9oez9DyF8/fz1g1iBV3h+0Z2EA==",
"dependencies": {
- "minimatch": "^3.0.4",
- "semver": "^7.3.5",
- "vscode-languageserver-protocol": "3.17.2-next.6"
+ "minimatch": "^5.1.0",
+ "semver": "^7.3.7",
+ "vscode-languageserver-protocol": "3.17.5"
},
"engines": {
- "vscode": "^1.67.0"
+ "vscode": "^1.82.0"
+ }
+ },
+ "node_modules/vscode-languageclient/node_modules/brace-expansion": {
+ "version": "2.0.1",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+ "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "dependencies": {
+ "balanced-match": "^1.0.0"
+ }
+ },
+ "node_modules/vscode-languageclient/node_modules/minimatch": {
+ "version": "5.1.6",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+ "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "dependencies": {
+ "brace-expansion": "^2.0.1"
+ },
+ "engines": {
+ "node": ">=10"
}
},
"node_modules/vscode-languageclient/node_modules/semver": {
@@ -1916,18 +1938,18 @@
}
},
"node_modules/vscode-languageserver-protocol": {
- "version": "3.17.2-next.6",
- "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.2-next.6.tgz",
- "integrity": "sha512-WtsebNOOkWyNn4oFYoAMPC8Q/ZDoJ/K7Ja53OzTixiitvrl/RpXZETrtzH79R8P5kqCyx6VFBPb6KQILJfkDkA==",
+ "version": "3.17.5",
+ "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz",
+ "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==",
"dependencies": {
- "vscode-jsonrpc": "8.0.2-next.1",
- "vscode-languageserver-types": "3.17.2-next.2"
+ "vscode-jsonrpc": "8.2.0",
+ "vscode-languageserver-types": "3.17.5"
}
},
"node_modules/vscode-languageserver-types": {
- "version": "3.17.2-next.2",
- "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.2-next.2.tgz",
- "integrity": "sha512-TiAkLABgqkVWdAlC3XlOfdhdjIAdVU4YntPUm9kKGbXr+MGwpVnKz2KZMNBcvG0CFx8Hi8qliL0iq+ndPB720w=="
+ "version": "3.17.5",
+ "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz",
+ "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg=="
},
"node_modules/vscode-test": {
"version": "1.6.1",
@@ -2202,6 +2224,7 @@
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+ "dev": true,
"requires": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -2374,7 +2397,8 @@
"concat-map": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
- "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+ "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+ "dev": true
},
"console-control-strings": {
"version": "1.1.0",
@@ -2898,6 +2922,7 @@
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
"integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+ "dev": true,
"requires": {
"brace-expansion": "^1.1.7"
}
@@ -3442,20 +3467,36 @@
"dev": true
},
"vscode-jsonrpc": {
- "version": "8.0.2-next.1",
- "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.0.2-next.1.tgz",
- "integrity": "sha512-sbbvGSWja7NVBLHPGawtgezc8DHYJaP4qfr/AaJiyDapWcSFtHyPtm18+LnYMLTmB7bhOUW/lf5PeeuLpP6bKA=="
+ "version": "8.2.0",
+ "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz",
+ "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA=="
},
"vscode-languageclient": {
- "version": "8.0.2-next.5",
- "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-8.0.2-next.5.tgz",
- "integrity": "sha512-g87RJLHz0XlRyk6DOTbAk4JHcj8CKggXy4JiFL7OlhETkcYzTOR8d+Qdb4GqZr37PDs1Cl21omtTNK5LyR/RQg==",
+ "version": "9.0.1",
+ "resolved": "https://registry.npmjs.org/vscode-languageclient/-/vscode-languageclient-9.0.1.tgz",
+ "integrity": "sha512-JZiimVdvimEuHh5olxhxkht09m3JzUGwggb5eRUkzzJhZ2KjCN0nh55VfiED9oez9DyF8/fz1g1iBV3h+0Z2EA==",
"requires": {
- "minimatch": "^3.0.4",
- "semver": "^7.3.5",
- "vscode-languageserver-protocol": "3.17.2-next.6"
+ "minimatch": "^5.1.0",
+ "semver": "^7.3.7",
+ "vscode-languageserver-protocol": "3.17.5"
},
"dependencies": {
+ "brace-expansion": {
+ "version": "2.0.1",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+ "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "requires": {
+ "balanced-match": "^1.0.0"
+ }
+ },
+ "minimatch": {
+ "version": "5.1.6",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+ "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "requires": {
+ "brace-expansion": "^2.0.1"
+ }
+ },
"semver": {
"version": "7.3.7",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
@@ -3467,18 +3508,18 @@
}
},
"vscode-languageserver-protocol": {
- "version": "3.17.2-next.6",
- "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.2-next.6.tgz",
- "integrity": "sha512-WtsebNOOkWyNn4oFYoAMPC8Q/ZDoJ/K7Ja53OzTixiitvrl/RpXZETrtzH79R8P5kqCyx6VFBPb6KQILJfkDkA==",
+ "version": "3.17.5",
+ "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz",
+ "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==",
"requires": {
- "vscode-jsonrpc": "8.0.2-next.1",
- "vscode-languageserver-types": "3.17.2-next.2"
+ "vscode-jsonrpc": "8.2.0",
+ "vscode-languageserver-types": "3.17.5"
}
},
"vscode-languageserver-types": {
- "version": "3.17.2-next.2",
- "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.2-next.2.tgz",
- "integrity": "sha512-TiAkLABgqkVWdAlC3XlOfdhdjIAdVU4YntPUm9kKGbXr+MGwpVnKz2KZMNBcvG0CFx8Hi8qliL0iq+ndPB720w=="
+ "version": "3.17.5",
+ "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz",
+ "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg=="
},
"vscode-test": {
"version": "1.6.1",
diff --git a/mlir/utils/vscode/package.json b/mlir/utils/vscode/package.json
index bd550e2b6e61e..d7f67d441e553 100644
--- a/mlir/utils/vscode/package.json
+++ b/mlir/utils/vscode/package.json
@@ -39,7 +39,7 @@
"dependencies": {
"base64-js": "^1.5.1",
"chokidar": "3.5.2",
- "vscode-languageclient": "^8.0.2-next.5"
+ "vscode-languageclient": "^9.0.1"
},
"devDependencies": {
"@types/mocha": "^7.0.2",
>From a93fe7036c42346b2250afb757ebee5e3afcab31 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 19 Jan 2024 07:12:27 +0000
Subject: [PATCH 2/6] fix: upgrade chokidar from 3.5.2 to 3.5.3
Snyk has created this PR to upgrade chokidar from 3.5.2 to 3.5.3.
See this package in npm:
https://www.npmjs.com/package/chokidar
See this project in Snyk:
https://app.snyk.io/org/gitaction-log4j/project/a71a1b94-9555-4c53-b459-4ef6c4d3545e?utm_source=github&utm_medium=referral&page=upgrade-pr
---
mlir/utils/vscode/package-lock.json | 20 +++++++++++++-------
mlir/utils/vscode/package.json | 2 +-
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/mlir/utils/vscode/package-lock.json b/mlir/utils/vscode/package-lock.json
index c93f6167c80a1..c8b39b868191c 100644
--- a/mlir/utils/vscode/package-lock.json
+++ b/mlir/utils/vscode/package-lock.json
@@ -9,7 +9,7 @@
"version": "0.0.11",
"dependencies": {
"base64-js": "^1.5.1",
- "chokidar": "3.5.2",
+ "chokidar": "^3.5.3",
"vscode-languageclient": "^8.0.2-next.5"
},
"devDependencies": {
@@ -430,9 +430,15 @@
"dev": true
},
"node_modules/chokidar": {
- "version": "3.5.2",
- "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz",
- "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==",
+ "version": "3.5.3",
+ "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+ "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
+ "funding": [
+ {
+ "type": "individual",
+ "url": "https://paulmillr.com/funding/"
+ }
+ ],
"dependencies": {
"anymatch": "~3.1.2",
"braces": "~3.0.2",
@@ -2311,9 +2317,9 @@
}
},
"chokidar": {
- "version": "3.5.2",
- "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz",
- "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==",
+ "version": "3.5.3",
+ "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+ "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
"requires": {
"anymatch": "~3.1.2",
"braces": "~3.0.2",
diff --git a/mlir/utils/vscode/package.json b/mlir/utils/vscode/package.json
index bd550e2b6e61e..71eb8a53fd6c1 100644
--- a/mlir/utils/vscode/package.json
+++ b/mlir/utils/vscode/package.json
@@ -38,7 +38,7 @@
},
"dependencies": {
"base64-js": "^1.5.1",
- "chokidar": "3.5.2",
+ "chokidar": "3.5.3",
"vscode-languageclient": "^8.0.2-next.5"
},
"devDependencies": {
>From c16496fa21ca79f5e98f286bed2265ae11189efb Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 19 Jan 2024 07:31:36 +0000
Subject: [PATCH 3/6] fix: upgrade nan from 2.17.0 to 2.18.0
Snyk has created this PR to upgrade nan from 2.17.0 to 2.18.0.
See this package in npm:
https://www.npmjs.com/package/nan
See this project in Snyk:
https://app.snyk.io/org/gitaction-log4j/project/cdf4c41c-0fad-4cd0-b725-0df4e6e0e297?utm_source=github&utm_medium=referral&page=upgrade-pr
---
mlir/utils/tree-sitter-mlir/package-lock.json | 8 ++++----
mlir/utils/tree-sitter-mlir/package.json | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/mlir/utils/tree-sitter-mlir/package-lock.json b/mlir/utils/tree-sitter-mlir/package-lock.json
index 5676fb892f12f..da495fa05e265 100644
--- a/mlir/utils/tree-sitter-mlir/package-lock.json
+++ b/mlir/utils/tree-sitter-mlir/package-lock.json
@@ -9,7 +9,7 @@
"version": "0.0.1",
"license": "Apache-2.0",
"dependencies": {
- "nan": "^2.17.0"
+ "nan": "^2.18.0"
},
"devDependencies": {
"glob": "^8.1.0",
@@ -85,9 +85,9 @@
}
},
"node_modules/nan": {
- "version": "2.17.0",
- "resolved": "https://registry.npmjs.org/nan/-/nan-2.17.0.tgz",
- "integrity": "sha512-2ZTgtl0nJsO0KQCjEpxcIr5D+Yv90plTitZt9JBfQvVJDS5seMl3FOvsh3+9CoYWXf/1l5OaZzzF6nDm4cagaQ=="
+ "version": "2.18.0",
+ "resolved": "https://registry.npmjs.org/nan/-/nan-2.18.0.tgz",
+ "integrity": "sha512-W7tfG7vMOGtD30sHoZSSc/JVYiyDPEyQVso/Zz+/uQd0B0L46gtC+pHha5FFMRpil6fm/AoEcRWyOVi4+E/f8w=="
},
"node_modules/once": {
"version": "1.4.0",
diff --git a/mlir/utils/tree-sitter-mlir/package.json b/mlir/utils/tree-sitter-mlir/package.json
index afb687a38e2b3..dc20eb16e971f 100644
--- a/mlir/utils/tree-sitter-mlir/package.json
+++ b/mlir/utils/tree-sitter-mlir/package.json
@@ -16,7 +16,7 @@
"grammar"
],
"dependencies": {
- "nan": "^2.17.0"
+ "nan": "^2.18.0"
},
"devDependencies": {
"glob": "^8.1.0",
>From 778b996957696d770daf92fd4c205e13f78c0850 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Mon, 22 Jan 2024 06:00:17 +0000
Subject: [PATCH 4/6] fix: clang/utils/analyzer/requirements.txt to reduce
vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6182918
---
clang/utils/analyzer/requirements.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/clang/utils/analyzer/requirements.txt b/clang/utils/analyzer/requirements.txt
index 8ae8bc88ac191..98f59631cb856 100644
--- a/clang/utils/analyzer/requirements.txt
+++ b/clang/utils/analyzer/requirements.txt
@@ -4,3 +4,4 @@ matplotlib
pandas
psutil
seaborn
+pillow>=10.2.0 # not directly required, pinned by Snyk to avoid a vulnerability
>From 040dceee80835841c21eceea1816f26b1ae744f4 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Fri, 26 Jan 2024 17:01:31 +0000
Subject: [PATCH 5/6] fix: llvm/utils/git/requirements_formatting.txt to reduce
vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
---
llvm/utils/git/requirements_formatting.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/llvm/utils/git/requirements_formatting.txt b/llvm/utils/git/requirements_formatting.txt
index ff744f0d4225f..13dcd68f90874 100644
--- a/llvm/utils/git/requirements_formatting.txt
+++ b/llvm/utils/git/requirements_formatting.txt
@@ -18,7 +18,7 @@ charset-normalizer==3.2.0
# via requests
click==8.1.7
# via black
-cryptography==41.0.3
+cryptography==42.0.0
# via pyjwt
darker==1.7.2
# via -r llvm/utils/git/requirements_formatting.txt.in
>From 1f80440f313dc148813943dcd6c07b1d50d8cb5e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot at snyk.io>
Date: Sat, 27 Jan 2024 00:31:34 +0000
Subject: [PATCH 6/6] fix: llvm/utils/git/requirements.txt to reduce
vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
---
llvm/utils/git/requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/llvm/utils/git/requirements.txt b/llvm/utils/git/requirements.txt
index bed449e6bf9f0..c2b95a6dac135 100644
--- a/llvm/utils/git/requirements.txt
+++ b/llvm/utils/git/requirements.txt
@@ -14,7 +14,7 @@ cffi==1.15.1
# pynacl
charset-normalizer==2.1.1
# via requests
-cryptography==41.0.3
+cryptography==42.0.0
# via pyjwt
deprecated==1.2.13
# via pygithub
More information about the llvm-commits
mailing list