From ba0daeaf7643ac77824faff3eb4f2b42130f0684 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Wed, 28 May 2025 17:37:04 -0400 Subject: [PATCH 1/3] Updated pip-audit ignore-vulns This changeset updates the PYSEC notices to ignore to due versions that either cannot be fixed or are false positives. Specifically, this changeset removes previously ignored vulnerability reports and adds PYSEC-2023-312 to the list because it is a false positive and refers to Redis itself, not the Python Redis client (see https://github.com/pypa/advisory-database/issues/237 for details). Signed-off-by: Carlo Costino --- .github/workflows/checks.yml | 3 +-- .github/workflows/daily_checks.yml | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 17de8332f..3f74ff3fb 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -144,8 +144,7 @@ jobs: with: inputs: requirements.txt ignore-vulns: | - PYSEC-2024-60 - PYSEC-2022-43162 + PYSEC-2023-312 - name: Run npm audit run: make npm-audit diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml index c2d3082a3..f5835f492 100644 --- a/.github/workflows/daily_checks.yml +++ b/.github/workflows/daily_checks.yml @@ -29,6 +29,8 @@ jobs: - uses: pypa/gh-action-pip-audit@v1.1.0 with: inputs: requirements.txt + ignore-vulns: | + PYSEC-2023-312 - name: Run npm audit run: make npm-audit From dabba6b696ec79b3f1f02f507973e173395492fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 May 2025 23:53:56 +0000 Subject: [PATCH 2/3] Bump redis from 6.1.0 to 6.2.0 Bumps [redis](https://github.com/redis/redis-py) from 6.1.0 to 6.2.0. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](https://github.com/redis/redis-py/compare/v6.1.0...v6.2.0) --- updated-dependencies: - dependency-name: redis dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- poetry.lock | 12 ++++++------ pyproject.toml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/poetry.lock b/poetry.lock index 21288d959..6e0b83338 100644 --- a/poetry.lock +++ b/poetry.lock @@ -3306,18 +3306,18 @@ all = ["numpy"] [[package]] name = "redis" -version = "6.1.0" +version = "6.2.0" description = "Python client for Redis database and key-value store" optional = false -python-versions = ">=3.8" +python-versions = ">=3.9" groups = ["main"] files = [ - {file = "redis-6.1.0-py3-none-any.whl", hash = "sha256:3b72622f3d3a89df2a6041e82acd896b0e67d9f54e9bcd906d091d23ba5219f6"}, - {file = "redis-6.1.0.tar.gz", hash = "sha256:c928e267ad69d3069af28a9823a07726edf72c7e37764f43dc0123f37928c075"}, + {file = "redis-6.2.0-py3-none-any.whl", hash = "sha256:c8ddf316ee0aab65f04a11229e94a64b2618451dab7a67cb2f77eb799d872d5e"}, + {file = "redis-6.2.0.tar.gz", hash = "sha256:e821f129b75dde6cb99dd35e5c76e8c49512a5a0d8dfdc560b2fbd44b85ca977"}, ] [package.extras] -hiredis = ["hiredis (>=3.0.0)"] +hiredis = ["hiredis (>=3.2.0)"] jwt = ["pyjwt (>=2.9.0)"] ocsp = ["cryptography (>=36.0.1)", "pyopenssl (>=20.0.1)", "requests (>=2.31.0)"] @@ -4164,4 +4164,4 @@ cffi = ["cffi (>=1.11)"] [metadata] lock-version = "2.1" python-versions = "^3.12.2" -content-hash = "640d7ecd2d2e1de918fdcbe1900ce68a73f28819b5f73968c0535a1590be6f09" +content-hash = "bce12f437f13587ebcb3a338e0ace6ebb18c898d2fa9470d4cb3f5f3edb5b2ba" diff --git a/pyproject.toml b/pyproject.toml index 493d04053..9bd4abc83 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -53,7 +53,7 @@ ordered-set = "^4.1.0" phonenumbers = "^9.0.5" pycparser = "^2.22" python-json-logger = "^3.3.0" -redis = "^6.1.0" +redis = "^6.2.0" regex = "^2024.11.6" s3transfer = "^0.10.2" shapely = "^2.1.1" From bb90f81571fd22953c94f24147c0999cbdf8540c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 May 2025 09:44:21 +0000 Subject: [PATCH 3/3] Bump phonenumbers from 9.0.5 to 9.0.6 Bumps [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers) from 9.0.5 to 9.0.6. - [Commits](https://github.com/daviddrysdale/python-phonenumbers/compare/v9.0.5...v9.0.6) --- updated-dependencies: - dependency-name: phonenumbers dependency-version: 9.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- poetry.lock | 8 ++++---- pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index 6e0b83338..4e9d1291f 100644 --- a/poetry.lock +++ b/poetry.lock @@ -2379,14 +2379,14 @@ install = ["zstandard (>=0.21.0)"] [[package]] name = "phonenumbers" -version = "9.0.5" +version = "9.0.6" description = "Python version of Google's common library for parsing, formatting, storing and validating international phone numbers." optional = false python-versions = "*" groups = ["main"] files = [ - {file = "phonenumbers-9.0.5-py2.py3-none-any.whl", hash = "sha256:7acef19817868a6f9cbc0d628dc5ad447b3768137e3d53c70dd6827a1ac040ba"}, - {file = "phonenumbers-9.0.5.tar.gz", hash = "sha256:70fde168a92dd9c73f57872359515181d6cde6bb8e7ec5660e94c4ca45692c50"}, + {file = "phonenumbers-9.0.6-py2.py3-none-any.whl", hash = "sha256:b4a0f5a0dc30235b273d06acfe9afc2160cce4f1c8220067985ed81d72bb29a9"}, + {file = "phonenumbers-9.0.6.tar.gz", hash = "sha256:bfb228cfc4a5644f7c1a32ded1bd2ee6f8e3749e422fbdabd57661e86ad8872d"}, ] [[package]] @@ -4164,4 +4164,4 @@ cffi = ["cffi (>=1.11)"] [metadata] lock-version = "2.1" python-versions = "^3.12.2" -content-hash = "bce12f437f13587ebcb3a338e0ace6ebb18c898d2fa9470d4cb3f5f3edb5b2ba" +content-hash = "913c98fc4ee6270f0c8fff572b9aa9501d622550bdaa8cde313af78885dc7498" diff --git a/pyproject.toml b/pyproject.toml index 9bd4abc83..6cc15e6c0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -50,7 +50,7 @@ geojson = "^3.1.0" jmespath = "^1.0.1" numpy = "^2.2.6" ordered-set = "^4.1.0" -phonenumbers = "^9.0.5" +phonenumbers = "^9.0.6" pycparser = "^2.22" python-json-logger = "^3.3.0" redis = "^6.2.0"