RDISCROWD-6713 Lib upgrades to fix Critical and High severity alerts (#…

…890) * Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump cryptography from 3.4.8 to 41.0.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@3.4.8...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2021.5.30 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22. - [Commits](certifi/python-certifi@2021.05.30...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Updated libs to address all Critical and High severity alerts. * up * up * up * Updated libs. * fix * up * up * up * up --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bloomberg · Jan 5, 2024 · 3d7db4d · 3d7db4d
1 parent 980039d
commit 3d7db4d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/pybossa/themes/default b/pybossa/themes/default
diff --git a/setup.py b/setup.py
@@ -12,7 +12,7 @@
     "botocore==1.31.62",
     "cachelib==0.3.0",
     "cachetools==4.2.2",
-    "certifi==2021.5.30",
+    "certifi==2023.11.17",
     "cffi==1.14.6",
     "chardet==4.0.0",
     "charset-normalizer==2.0.6",
@@ -21,7 +21,7 @@
     "cov-core==1.15.0",
     "coverage==5.5",
     "croniter==1.0.15",
-    "cryptography==3.4.8",
+    "cryptography==38.0.4",
     "cssselect==1.1.0",
     "debtcollector==2.3.0",
     "decorator==5.1.0",
@@ -77,8 +77,8 @@
     "keyring==23.2.1",
     "keystoneauth1==4.4.0",
     "libsass==0.21.0",
-    "lxml==4.6.3",
-    "Mako==1.1.5",
+    "lxml==5.0.0",
+    "Mako==1.3.0",
     "Markdown==3.3.4",
     "MarkupSafe==2.0.1",
     "misaka==2.1.1",
@@ -103,16 +103,16 @@
     "packaging==21.0",
     "pandas==1.3.3",
     "pbr==5.6.0",
-    "Pillow==8.3.2",
+    "Pillow==10.2.0",
     "prettytable==2.2.1",
-    "protobuf==3.18.0",
+    "protobuf==4.25.1",
     "psycopg2==2.8.6",
     "pyasn1==0.4.8",
     "pyasn1-modules==0.2.8",
     "pybossa-onesignal==1.1",
     "pycparser==2.20",
     "pycryptodome==3.10.4",
-    "PyJWT==2.1.0",
+    "PyJWT==2.8.0",
     "pykerberos==1.2.1",
     "PyLD==1.0.4",  # "PyLD==2.0.3", 1.0.4 version resolves pyld.jsonld.JsonLdError
     "pyldap==3.0.0.post1",
@@ -133,7 +133,7 @@
     "readability-lxml==0.8.1",
     "redis==3.5.3",
     "rednose==1.3.0",
-    "requests==2.26.0",
+    "requests==2.31.0",
     "requests-kerberos==0.12.0",
     "requests-oauthlib==1.1.0",
     "rfc3986==1.5.0",