[llvm] Generate a new requirements.txt to fix CVEs (PR #90109)
via llvm-commits
llvm-commits at lists.llvm.org
Thu Apr 25 12:32:02 PDT 2024
https://github.com/joycebrum created https://github.com/llvm/llvm-project/pull/90109
Hi! Here is a patch for #81859 that fixes the vulnerabilities found in gitpython, cryptography, urllib3 and requests.
I have just regenerated the requirements.txt files running pip-compile again. Fortunately, this was enough to set all the dependencies on safe versions.
I have also checked if new vulnerabilities were introduced by running scorecard on my fork, but none has been introduced.
Thanks!
>From 80cd37c5b102f071d96a0df6af6cde7ebbf3636d Mon Sep 17 00:00:00 2001
From: Joyce Brum <joycebrum at google.com>
Date: Thu, 25 Apr 2024 18:08:10 +0000
Subject: [PATCH] fix: generate .txt files again
Signed-off-by: Joyce Brum <joycebrum at google.com>
---
llvm/utils/git/requirements.txt | 30 ++++++++++------------
llvm/utils/git/requirements_formatting.txt | 24 ++++++++---------
2 files changed, 26 insertions(+), 28 deletions(-)
diff --git a/llvm/utils/git/requirements.txt b/llvm/utils/git/requirements.txt
index bed449e6bf9f09..0ff62a8ea5be42 100644
--- a/llvm/utils/git/requirements.txt
+++ b/llvm/utils/git/requirements.txt
@@ -4,41 +4,39 @@
#
# pip-compile --output-file=requirements.txt requirements.txt.in
#
-certifi==2023.7.22
+certifi==2024.2.2
# via
# -r requirements.txt.in
# requests
-cffi==1.15.1
+cffi==1.16.0
# via
# cryptography
# pynacl
-charset-normalizer==2.1.1
+charset-normalizer==3.3.2
# via requests
-cryptography==41.0.3
+cryptography==42.0.5
# via pyjwt
-deprecated==1.2.13
+deprecated==1.2.14
# via pygithub
-gitdb==4.0.9
+gitdb==4.0.11
# via gitpython
-gitpython==3.1.32
+gitpython==3.1.43
# via -r requirements.txt.in
-idna==3.4
+idna==3.7
# via requests
-pycparser==2.21
+pycparser==2.22
# via cffi
pygithub==1.59.1
# via -r requirements.txt.in
-pyjwt[crypto]==2.5.0
+pyjwt[crypto]==2.8.0
# via pygithub
pynacl==1.5.0
# via pygithub
-requests==2.28.1
+requests==2.31.0
# via pygithub
-smmap==5.0.0
+smmap==5.0.1
# via gitdb
-types-cryptography==3.3.23.2
- # via pyjwt
-urllib3==1.26.12
+urllib3==2.2.1
# via requests
-wrapt==1.14.1
+wrapt==1.16.0
# via deprecated
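Review bot: the `urllib3==1.26.12` to `urllib3==2.2.1` change is a major-version jump pulled in through requests while `pygithub==1.59.1` stays unchanged, and `charset-normalizer` (2.1.1 to 3.3.2) crosses a major version as well. It would help to state in the PR that the scripts installing from this file were exercised against the new set, not only scanned. The commit subject "fix: generate .txt files again" also does not record which packages carried the vulnerabilities; naming gitpython, cryptography, urllib3 and requests there, as the PR description does, would keep that in the git history.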
diff --git a/llvm/utils/git/requirements_formatting.txt b/llvm/utils/git/requirements_formatting.txt
index ff744f0d4225f5..4c9dbd8755ab50 100644
--- a/llvm/utils/git/requirements_formatting.txt
+++ b/llvm/utils/git/requirements_formatting.txt
@@ -4,37 +4,37 @@
#
# pip-compile --output-file=llvm/utils/git/requirements_formatting.txt llvm/utils/git/requirements_formatting.txt.in
#
-black==23.9.1
+black==23.12.1
# via
# -r llvm/utils/git/requirements_formatting.txt.in
# darker
-certifi==2023.7.22
+certifi==2024.2.2
# via requests
-cffi==1.15.1
+cffi==1.16.0
# via
# cryptography
# pynacl
-charset-normalizer==3.2.0
+charset-normalizer==3.3.2
# via requests
click==8.1.7
# via black
-cryptography==41.0.3
+cryptography==42.0.5
# via pyjwt
darker==1.7.2
# via -r llvm/utils/git/requirements_formatting.txt.in
deprecated==1.2.14
# via pygithub
-idna==3.4
+idna==3.7
# via requests
mypy-extensions==1.0.0
# via black
-packaging==23.1
+packaging==24.0
# via black
-pathspec==0.11.2
+pathspec==0.12.1
# via black
-platformdirs==3.10.0
+platformdirs==4.2.1
# via black
-pycparser==2.21
+pycparser==2.22
# via cffi
pygithub==1.59.1
# via -r llvm/utils/git/requirements_formatting.txt.in
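Review bot: `black`, `packaging`, `pathspec` and `platformdirs` are bumped in this hunk although the description names only gitpython, cryptography, urllib3 and requests as vulnerable. black is a direct requirement here (`-r llvm/utils/git/requirements_formatting.txt.in`), and a formatter version change can alter its output, so consider limiting the regeneration with pip-compile's `--upgrade-package` for the affected packages, or note in the description that the formatting check was rerun with 23.12.1.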
@@ -46,7 +46,7 @@ requests==2.31.0
# via pygithub
toml==0.10.2
# via darker
-urllib3==2.0.4
+urllib3==2.2.1
# via requests
-wrapt==1.15.0
+wrapt==1.16.0
# via deprecated
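Review bot: the `urllib3==2.2.1` and `wrapt==1.16.0` pins, like the other pins visible in this patch, carry no `--hash=` entries, so the files fix versions but not the artifacts that get installed. Since both files are being regenerated anyway, consider running pip-compile with `--generate-hashes` so that pip can install them in hash-checking mode.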