Merged
5 changes: 4 additions & 1 deletion CHANGELOG.rst
Expand Up @@ -6,7 +6,7 @@ in development

Fixed
~~~~~
* Fix Snyk Security Finding Cross-site Scripting (XSS) in contrib/examples/sensors/echo_flask_app.py
* Fix Snyk Security Finding Cross-site Scripting (XSS) in contrib/examples/sensors/echo_flask_app.py
Contributed by (@philipphomberger Schwarz IT KG)

* Additional fixes for st2 client auth when proxy auth mode enabled #6049
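Review bot: The changed line for the echo_flask_app.py XSS entry reads the same before and after, so this looks like a whitespace-only edit riding along with a dependency bump. Consider moving it to a separate cleanup commit so the security change stays minimal and easy to backport.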
Expand Down Expand Up @@ -41,6 +41,9 @@ Fixed

* Update version 3.1.15 of ``gitpython`` to 3.1.18 for py3.6 and to 3.1.37 for py3.8 (security). #6063

* Update importlib-metadata from 3.10.1 to 4.8.3 for py3.6 and to 4.10.1 for py3.8 (security). #6072
Contributed by @jk464

Added
~~~~~
* Move `git clone` to `user_home/.st2packs` #5845
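Review bot: The new entry labels the importlib-metadata update as "(security)" for both interpreters, but the note added in fixed-requirements.txt describes 4.8.3 under py3.6 as "latest available, vulnerable". Please reword the entry so it states that only py3.8 receives the fixed 4.10.1 and that py3.6 stays on a vulnerable release until support is dropped. The entry also omits the accompanying argcomplete 1.12.2 to 1.12.3 bump, which anyone auditing pins from the changelog would want listed.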
7 changes: 5 additions & 2 deletions fixed-requirements.txt
Expand Up @@ -60,9 +60,12 @@ routes==2.4.1
semver==2.13.0
six==1.13.0
argparse==1.12.2
argcomplete==1.12.2
# Note: argcomplete 1.12.3 supports importlib-metadata<5
argcomplete==1.12.3
prettytable==2.1.0
importlib-metadata==3.10.1
# Note: installs importlib-metadata==4.10.1 (security fixed) under py3.8 and importlib-metadata==4.8.3 (latest available, vulnerable) under py3.6
# TODO: Pin to 4.10.1 or higher after dropping python3.6 support
importlib-metadata>=4.8.3,<=4.10.1
# importlib-metadata requires typing-extensions but v4.2.0 requires py3.7+
typing-extensions<4.2
# NOTE: sseclient has various issues which sometimes hang the connection for a long time, etc.
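Review bot: `importlib-metadata>=4.8.3,<=4.10.1` replaces an exact pin with a range in a file of fixed versions, so under py3.8 any release from 4.8.3 upward satisfies it and the fixed 4.10.1 is only what the resolver is expected to pick, not something this line enforces. If the requirements tooling accepts environment markers, two pinned lines such as `importlib-metadata==4.8.3; python_version == "3.6"` and `importlib-metadata==4.10.1; python_version >= "3.8"` would make the per-interpreter outcome explicit. The `<=4.10.1` cap also sits oddly next to the TODO's "4.10.1 or higher", so say in the comment why the cap is needed.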
4 changes: 2 additions & 2 deletions requirements.txt
Expand Up @@ -9,7 +9,7 @@ MarkupSafe<2.1.0,>=0.23
RandomWords
amqp==5.0.6
apscheduler==3.7.0
argcomplete==1.12.2
argcomplete==1.12.3
bcrypt==3.2.0
cffi<1.15.0
chardet<3.1.0
Expand All @@ -23,7 +23,7 @@ gitdb==4.0.2
gitpython<=3.1.37
greenlet==1.0.0
gunicorn==21.2.0
importlib-metadata==3.10.1
importlib-metadata>=4.8.3,<=4.10.1
jinja2==2.11.3
jsonpath-rw==1.4.0
jsonschema==2.6.0
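Review bot: The `importlib-metadata>=4.8.3,<=4.10.1` line lands here without the explanatory comment it has in fixed-requirements.txt, next to exact pins like `gunicorn==21.2.0`, so a reader of this file cannot tell that the lower bound is a known-vulnerable version kept only for py3.6. Since nothing in the file guarantees the py3.8 result, consider a CI step that fails when the importlib-metadata installed under py3.8 is below 4.10.1.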
4 changes: 2 additions & 2 deletions st2client/requirements.txt
Expand Up @@ -5,11 +5,11 @@
# If you want to update depdencies for a single component, modify the
# in-requirements.txt for that component and then run 'make requirements' to
# update the component requirements.txt
argcomplete==1.12.2
argcomplete==1.12.3
cffi<1.15.0
chardet<3.1.0
cryptography==39.0.1
importlib-metadata==3.10.1
importlib-metadata>=4.8.3,<=4.10.1
jsonpath-rw==1.4.0
jsonschema==2.6.0
orjson==3.5.2
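Review bot: The header comment of this file says component requirements are updated by running 'make requirements', not by editing the file directly. Please confirm that the argcomplete and importlib-metadata lines here were produced by that target from the fixed-requirements.txt change, so the next regeneration does not silently revert the security bump for st2client.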