Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Craysat 1870 dependabot security updates #234

Merged
merged 3 commits into from
Jul 4, 2024
Merged

Craysat 1870 dependabot security updates #234

merged 3 commits into from
Jul 4, 2024

Conversation

annapoorna-s-alt
Copy link
Contributor

@annapoorna-s-alt annapoorna-s-alt commented Jul 4, 2024
edited

Summary and Scope

Combines #233 and #226 from dependabot into a single PR with a changelog update.

Issues and Related PRs

Resolves 2 dependabot alerts in CRAYSAT-1870.

Testing

List the environments in which these changes were tested.

Tested on:

Baldar

Test description:

Basic testing of sat commands which uses requests and urllib

Risks and Mitigations

N/A

Pull Request Checklist

  • Version number(s) incremented, if applicable
  • Copyrights updated
  • License file intact
  • Target branch correct
  • CHANGELOG.md updated
  • Testing is appropriate and complete, if applicable
  • HPC Product Announcement prepared, if applicable

annapoorna-s-alt and others added 3 commits July 4, 2024 09:43
Add changelog entries for dependabot updates
5bab228
@dependabot
Bump requests from 2.31.0 to 2.32.2
db9479e 
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 6a39fc8)
@dependabot
Bump urllib3 from 1.26.18 to 1.26.19
c7929e0 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.18...1.26.19)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit f368038)
@annapoorna-s-alt
Copy link
Contributor Author

Validation tests after fixing the vulnerabilities here: https://gist.github.com/annapoorna-s-alt/29089c6fec6d22095f72e07b93331363

@annapoorna-s-alt annapoorna-s-alt merged commit ab441a7 into main Jul 4, 2024
3 checks passed
@annapoorna-s-alt annapoorna-s-alt deleted the CRAYSAT-1870-dependabot-security-updates branch July 4, 2024 11:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shivaprasad-metimath shivaprasad-metimath shivaprasad-metimath approved these changes

@haasken-hpe haasken-hpe Awaiting requested review from haasken-hpe

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@annapoorna-s-alt @shivaprasad-metimath