* [layerindex-web][PATCH 0/2] dependency updates
@ 2019-10-28 21:26 Paul Eggleton
2019-10-28 21:26 ` [layerindex-web][PATCH 1/2] requirements.txt: update to fix CVE-2019-16865 Paul Eggleton
2019-10-28 21:26 ` [layerindex-web][PATCH 2/2] requirements.txt: bump a couple more versions Paul Eggleton
0 siblings, 2 replies; 3+ messages in thread
From: Paul Eggleton @ 2019-10-28 21:26 UTC (permalink / raw)
To: yocto
Updates to python dependencies in requirements.txt, including one
upstream CVE fix.
The following changes since commit fae9771604097896f10a4aec2f2aee7fefd8ec86:
Fix cgit commit URL setting (2019-10-21 12:02:44 +1300)
are available in the Git repository at:
git://git.yoctoproject.org/layerindex-web paule/requirements1
http://git.yoctoproject.org/cgit.cgi/layerindex-web/log/?h=paule/requirements1
Paul Eggleton (2):
requirements.txt: update to fix CVE-2019-16865
requirements.txt: bump a couple more versions
requirements.txt | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
2.20.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* [layerindex-web][PATCH 1/2] requirements.txt: update to fix CVE-2019-16865
2019-10-28 21:26 [layerindex-web][PATCH 0/2] dependency updates Paul Eggleton
@ 2019-10-28 21:26 ` Paul Eggleton
2019-10-28 21:26 ` [layerindex-web][PATCH 2/2] requirements.txt: bump a couple more versions Paul Eggleton
1 sibling, 0 replies; 3+ messages in thread
From: Paul Eggleton @ 2019-10-28 21:26 UTC (permalink / raw)
To: yocto
Update Pillow version to incorporate a fix for a denial-of-service
vulnerability (which should not affect this application however, as it
does not use Pillow to process external images):
https://nvd.nist.gov/vuln/detail/CVE-2019-16865
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 855b7344..84f2ea54 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,7 +19,7 @@ gitdb2==2.0.6
GitPython==2.1.13
kombu==4.6.3
mysqlclient==1.4.4
-Pillow==6.1.0
+Pillow==6.2.1
pytz==2019.2
six==1.12.0
smmap2==2.0.5
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [layerindex-web][PATCH 2/2] requirements.txt: bump a couple more versions
2019-10-28 21:26 [layerindex-web][PATCH 0/2] dependency updates Paul Eggleton
2019-10-28 21:26 ` [layerindex-web][PATCH 1/2] requirements.txt: update to fix CVE-2019-16865 Paul Eggleton
@ 2019-10-28 21:26 ` Paul Eggleton
1 sibling, 0 replies; 3+ messages in thread
From: Paul Eggleton @ 2019-10-28 21:26 UTC (permalink / raw)
To: yocto
Update pytz and beautifulsoup4.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
requirements.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 84f2ea54..07d8495e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
amqp==2.5.2
-beautifulsoup4==4.8.0
+beautifulsoup4==4.8.1
billiard==3.6.1.0
celery==4.3.0
confusable-homoglyphs==3.2.0
@@ -20,7 +20,7 @@ GitPython==2.1.13
kombu==4.6.3
mysqlclient==1.4.4
Pillow==6.2.1
-pytz==2019.2
+pytz==2019.3
six==1.12.0
smmap2==2.0.5
soupsieve==1.9.4
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-10-28 21:27 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-10-28 21:26 [layerindex-web][PATCH 0/2] dependency updates Paul Eggleton
2019-10-28 21:26 ` [layerindex-web][PATCH 1/2] requirements.txt: update to fix CVE-2019-16865 Paul Eggleton
2019-10-28 21:26 ` [layerindex-web][PATCH 2/2] requirements.txt: bump a couple more versions Paul Eggleton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.