[llvm] 00e3620 - Generate a new requirements.txt to fix CVEs (#90109)
via llvm-commits
llvm-commits at lists.llvm.org
Fri May 10 12:05:58 PDT 2024
Author: Joyce
Date: 2024-05-10T12:05:54-07:00
New Revision: 00e3620a0e7ceb8ab1c0cae303e40ad2528fdebe
URL: https://github.com/llvm/llvm-project/commit/00e3620a0e7ceb8ab1c0cae303e40ad2528fdebe
DIFF: https://github.com/llvm/llvm-project/commit/00e3620a0e7ceb8ab1c0cae303e40ad2528fdebe.diff
LOG: Generate a new requirements.txt to fix CVEs (#90109)
Hi! Here is a patch for #81859 that fixes the vulnerabilities found in
gitpython, cryptography, urllib3 and requests.
I have just regenerated the requirements.txt files running pip-compile
again. Fortunately, this was enough to set all the dependencies on safe
versions.
I have also checked if new vulnerabilities were introduced by running
scorecard on my fork, but none has been introduced.
Thanks!
Signed-off-by: Joyce Brum <joycebrum at google.com>
Added:
Modified:
llvm/utils/git/requirements.txt
llvm/utils/git/requirements_formatting.txt
Removed:
################################################################################
diff --git a/llvm/utils/git/requirements.txt b/llvm/utils/git/requirements.txt
index bed449e6bf9f0..0ff62a8ea5be4 100644
--- a/llvm/utils/git/requirements.txt
+++ b/llvm/utils/git/requirements.txt
@@ -4,41 +4,39 @@
#
# pip-compile --output-file=requirements.txt requirements.txt.in
#
-certifi==2023.7.22
+certifi==2024.2.2
# via
# -r requirements.txt.in
# requests
-cffi==1.15.1
+cffi==1.16.0
# via
# cryptography
# pynacl
-charset-normalizer==2.1.1
+charset-normalizer==3.3.2
# via requests
-cryptography==41.0.3
+cryptography==42.0.5
# via pyjwt
-deprecated==1.2.13
+deprecated==1.2.14
# via pygithub
-gitdb==4.0.9
+gitdb==4.0.11
# via gitpython
-gitpython==3.1.32
+gitpython==3.1.43
# via -r requirements.txt.in
-idna==3.4
+idna==3.7
# via requests
-pycparser==2.21
+pycparser==2.22
# via cffi
pygithub==1.59.1
# via -r requirements.txt.in
-pyjwt[crypto]==2.5.0
+pyjwt[crypto]==2.8.0
# via pygithub
pynacl==1.5.0
# via pygithub
-requests==2.28.1
+requests==2.31.0
# via pygithub
-smmap==5.0.0
+smmap==5.0.1
# via gitdb
-types-cryptography==3.3.23.2
- # via pyjwt
-urllib3==1.26.12
+urllib3==2.2.1
# via requests
-wrapt==1.14.1
+wrapt==1.16.0
# via deprecated
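Review bot: the `urllib3==1.26.12` to `urllib3==2.2.1` line is a major-version jump for a dependency that is only pulled in via requests, and `charset-normalizer` also moves from 2.x to 3.x, while `pygithub==1.59.1` stays where it was. The commit message mentions a scorecard run but not a run of the scripts that install from this file, so it would help to state in the description that the llvm/utils/git tooling was exercised against the regenerated set. Listing the advisory identifiers for gitpython, cryptography, urllib3 and requests there would also let a later reader confirm which pin closes which issue.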
diff --git a/llvm/utils/git/requirements_formatting.txt b/llvm/utils/git/requirements_formatting.txt
index ff744f0d4225f..4c9dbd8755ab5 100644
--- a/llvm/utils/git/requirements_formatting.txt
+++ b/llvm/utils/git/requirements_formatting.txt
@@ -4,37 +4,37 @@
#
# pip-compile --output-file=llvm/utils/git/requirements_formatting.txt llvm/utils/git/requirements_formatting.txt.in
#
-black==23.9.1
+black==23.12.1
# via
# -r llvm/utils/git/requirements_formatting.txt.in
# darker
-certifi==2023.7.22
+certifi==2024.2.2
# via requests
-cffi==1.15.1
+cffi==1.16.0
# via
# cryptography
# pynacl
-charset-normalizer==3.2.0
+charset-normalizer==3.3.2
# via requests
click==8.1.7
# via black
-cryptography==41.0.3
+cryptography==42.0.5
# via pyjwt
darker==1.7.2
# via -r llvm/utils/git/requirements_formatting.txt.in
deprecated==1.2.14
# via pygithub
-idna==3.4
+idna==3.7
# via requests
mypy-extensions==1.0.0
# via black
-packaging==23.1
+packaging==24.0
# via black
-pathspec==0.11.2
+pathspec==0.12.1
# via black
-platformdirs==3.10.0
+platformdirs==4.2.1
# via black
-pycparser==2.21
+pycparser==2.22
# via cffi
pygithub==1.59.1
# via -r llvm/utils/git/requirements_formatting.txt.in
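Review bot: the regenerated pins in this hunk, for example `cryptography==42.0.5` and `black==23.12.1`, are still version-only with no `--hash=` entries, so an install from this file fixes the version but does not verify the downloaded artifact. Since the file is being regenerated anyway, consider running pip-compile with `--generate-hashes` so that the consuming job can install with pip's `--require-hashes`. Separately, `black` is the formatter that darker drives here, so it is worth confirming the formatting check produces the same output on the tree with 23.12.1 as it did with 23.9.1.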
@@ -46,7 +46,7 @@ requests==2.31.0
# via pygithub
toml==0.10.2
# via darker
-urllib3==2.0.4
+urllib3==2.2.1
# via requests
-wrapt==1.15.0
+wrapt==1.16.0
# via deprecated
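Review bot: before this change `urllib3` was `2.0.4` in this file and `1.26.12` in requirements.txt, and `wrapt` was `1.15.0` here against `1.14.1` there, so the two lock files had drifted on shared transitive pins. After the change they agree on `urllib3==2.2.1` and `wrapt==1.16.0`, but nothing in the diff keeps them aligned on the next regeneration. Consider constraining one input file with the other's output (a `-c requirements.txt` line in requirements_formatting.txt.in) or adding a CI check that compares the pins the two files share.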