Skip to content

Upgrading Dependencies - Fixing security vulnerabilities #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Upgrading Dependencies - Fixing security vulnerabilities #29

wants to merge 8 commits into from

Conversation

Rajaniraiyn
Copy link
Contributor

@Rajaniraiyn Rajaniraiyn commented Apr 22, 2023
edited
Loading

Checklist

  • tests are included.
  • tests pass successfully.
  • documentation is changed or added.
  • commit message follows conventional commits.
  • code follows the required quality and formatting standards specified in CONTRIBUTING.md.

Changes

  • Upgrade cryptography from 38.0.3 → 39.0.1 - fixes one high and one medium level security vulnerability

dependabot bot and others added 8 commits April 21, 2023 18:47
@dependabot
build(deps): bump cryptography from 38.0.3 to 39.0.1
3b08b3f 
Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.3 to 39.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@38.0.3...39.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@Rajaniraiyn
Merge pull request #3 from Rajaniraiyn/dependabot/pip/cryptography-39…
64720da 
….0.1

build(deps): bump cryptography from 38.0.3 to 39.0.1
@dependabot
build(deps): bump requests from 2.27.1 to 2.31.0
fd282e4 
Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps-dev): bump cryptography from 39.0.1 to 41.0.4
f9ece41 
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@39.0.1...41.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps-dev): bump urllib3 from 1.26.9 to 1.26.17
0844291 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.9 to 1.26.17.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.9...1.26.17)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@Rajaniraiyn
Merge pull request #10 from Rajaniraiyn/dependabot/pip/urllib3-1.26.17
6625d47 
build(deps-dev): bump urllib3 from 1.26.9 to 1.26.17
@Rajaniraiyn
Merge pull request #9 from Rajaniraiyn/dependabot/pip/cryptography-41…
bff1ed7 
….0.4

build(deps-dev): bump cryptography from 39.0.1 to 41.0.4
@Rajaniraiyn
Merge pull request #4 from Rajaniraiyn/dependabot/pip/requests-2.31.0
1dc2480 
build(deps): bump requests from 2.27.1 to 2.31.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Rajaniraiyn