Skip to content

Commit a515c0d

Browse files
authored
bump certifi (#940)
We have a ~~transient~~ transitive dep on certifi which has an open CVE on it. Helps avoid <GHSA-43fp-rhv2-5gv8> --- This bump was verified by setting up a virtual env in the `python/` dir and: ``` pip install -r requirements.txt -r requirements-dev.txt pip install -e . ./scripts/generate_openapi.sh pytest ``` The tests pass, so I think we're good. --- Along with the version bump for this certifi specifically, I had to do a little yak shaving: updating pip-tools (so `pip-compile` would work for me) as well as `openapi-python-client`.
1 parent 42ddaf8 commit a515c0d

File tree

2 files changed

+29
-24
lines changed

2 files changed

+29
-24
lines changed

python/requirements-dev.txt

Lines changed: 27 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,11 @@
11
#
2-
# This file is autogenerated by pip-compile with python 3.10
3-
# To update, run:
2+
# This file is autogenerated by pip-compile with Python 3.10
3+
# by the following command:
44
#
55
# pip-compile --output-file=requirements-dev.txt requirements.in/development.txt
66
#
77
anyio==3.5.0
88
# via httpcore
9-
appdirs==1.4.4
10-
# via black
119
attrs==21.4.0
1210
# via
1311
# openapi-python-client
@@ -16,11 +14,13 @@ autoflake==1.4
1614
# via
1715
# -r requirements.in/development.txt
1816
# openapi-python-client
19-
black==21.5b1
17+
black==23.3.0
2018
# via
2119
# -r requirements.in/development.txt
2220
# openapi-python-client
23-
certifi==2021.10.8
21+
build==0.10.0
22+
# via pip-tools
23+
certifi==2023.5.7
2424
# via
2525
# httpcore
2626
# httpx
@@ -68,18 +68,21 @@ mypy-extensions==0.4.3
6868
# via
6969
# black
7070
# mypy
71-
openapi-python-client==0.11.4
71+
openapi-python-client==0.14.0
7272
# via -r requirements.in/development.txt
73-
packaging==20.9
74-
# via pytest
75-
pathspec==0.8.1
73+
packaging==23.1
74+
# via
75+
# black
76+
# build
77+
# pytest
78+
pathspec==0.11.1
7679
# via black
77-
pep517==0.10.0
78-
# via pip-tools
7980
pep8-naming==0.11.1
8081
# via -r requirements.in/development.txt
81-
pip-tools==6.1.0
82+
pip-tools==6.13.0
8283
# via -r requirements.in/development.txt
84+
platformdirs==3.5.1
85+
# via black
8386
pluggy==0.13.1
8487
# via pytest
8588
py==1.10.0
@@ -94,16 +97,14 @@ pyflakes==2.3.1
9497
# via
9598
# autoflake
9699
# flake8
97-
pyparsing==2.4.7
98-
# via packaging
100+
pyproject-hooks==1.0.0
101+
# via build
99102
pytest==6.2.4
100103
# via -r requirements.in/development.txt
101104
python-dateutil==2.8.2
102105
# via openapi-python-client
103106
pyyaml==6.0
104107
# via openapi-python-client
105-
regex==2021.4.4
106-
# via black
107108
rfc3986[idna2008]==1.5.0
108109
# via httpx
109110
shellingham==1.4.0
@@ -118,18 +119,22 @@ sniffio==1.2.0
118119
# httpcore
119120
# httpx
120121
toml==0.10.2
122+
# via pytest
123+
tomli==2.0.0
121124
# via
122125
# black
123-
# pep517
124-
# pytest
125-
tomli==2.0.0
126-
# via mypy
127-
typer==0.4.0
126+
# build
127+
# mypy
128+
# pyproject-hooks
129+
typer==0.7.0
128130
# via openapi-python-client
129131
typing-extensions==3.10.0.0
130132
# via
131133
# mypy
132134
# pydantic
135+
wheel==0.40.0
136+
# via pip-tools
133137

134138
# The following packages are considered to be unsafe in a requirements file:
135139
# pip
140+
# setuptools

python/requirements.in/development.txt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ flake8
55
flake8-print
66
pep8-naming
77
mypy
8-
pip-tools
8+
pip-tools>=6.13.0
99
pytest
1010
httpx>=0.23.0
11-
openapi-python-client>=0.11.4
11+
openapi-python-client>=0.14.0

0 commit comments

Comments
 (0)