Sync security updates to main. #897
Open
Commits on Jan 5, 2024
-
RDISCROWD-6713 Lib upgrades to fix Critical and High severity alerts (#…
…890) * Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump cryptography from 3.4.8 to 41.0.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@3.4.8...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2021.5.30 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22. - [Commits](certifi/python-certifi@2021.05.30...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Updated libs to address all Critical and High severity alerts. * up * up * up * Updated libs. * fix * up * up * up * up --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Jan 8, 2024
-
RDISCROWD-6713 Pillow 10.1.0 (#895)
* Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump cryptography from 3.4.8 to 41.0.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@3.4.8...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2021.5.30 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22. - [Commits](certifi/python-certifi@2021.05.30...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Updated libs to address all Critical and High severity alerts. * up * up * up * Updated libs. * fix * up * up * up * up * Pillow 10.1.0 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
-
Merge branch 'main' into security-updates
# Conflicts: # pybossa/themes/default
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.