From d90b7588c45392f72938a6ccbc37896c7224a441 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 20 Mar 2024 16:37:09 +0000
Subject: [PATCH 1/3] fix: workflows/dev-requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-BLACK-6256273
---
 workflows/dev-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/workflows/dev-requirements.txt b/workflows/dev-requirements.txt
index 8e1947eb..ae6eb637 100644
--- a/workflows/dev-requirements.txt
+++ b/workflows/dev-requirements.txt
@@ -1,7 +1,7 @@
 flake8~=3.7
 ipython~=8.10
 jedi~=0.15.0
-black~=19.10b0
+black~=24.3.0
 pytest~=5.3
 pytest-watch~=4.2
 awscli~=1.17
From 7773d69daba350b45663be1f2f0c8efbae14bf98 Mon Sep 17 00:00:00 2001
From: "Lindsley, Chris"
Date: Thu, 21 Mar 2024 13:15:10 -0400
Subject: [PATCH 2/3] fix more snyk vulnerabilities
---
 workflows/dev-requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/workflows/dev-requirements.txt b/workflows/dev-requirements.txt
index ae6eb637..7e96c258 100644
--- a/workflows/dev-requirements.txt
+++ b/workflows/dev-requirements.txt
@@ -4,6 +4,7 @@ jedi~=0.15.0
 black~=24.3.0
 pytest~=5.3
 pytest-watch~=4.2
-awscli~=1.17
+awscli~=1.27.90
 boto3~=1.11
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
+rsa>=4.7 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file
From 2940e0a8c0cbd80276ce2a4882621c997a75a204 Mon Sep 17 00:00:00 2001
From: "Lindsley, Chris"
Date: Thu, 18 Apr 2024 06:41:16 -0400
Subject: [PATCH 3/3] update changelog
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 76c7d1af..59063b4a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
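Review bot: `rsa>=4.7` on the last added line of the second hunk is a lower bound, not a pin, so the version that actually lands in the dev environment is still decided at install time by the resolver and by whatever `rsa` range the bumped `awscli~=1.27.90` carries; the inline comment "pinned by Snyk" (copied from the existing `setuptools>=65.5.1` line) overstates what the constraint does. If a reproducible dev environment is the goal, the resolved versions belong in a generated, hash-checked lock file; otherwise the comment could be reworded to `# not directly required; minimum raised by Snyk to avoid a vulnerability` so the next reader does not assume an exact version is enforced. The hunk also ends with `\ No newline at end of file`, so the added line should be terminated with a newline. Whether `awscli~=1.27.90` still resolves alongside `boto3~=1.11` (a two-component `~=` spec, so any 1.x is allowed) is worth confirming with a clean install in CI rather than assumed.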
@@ -1,6 +1,9 @@ # CHANGELOG +## unreleased +* Snyk fixes for dev-requirements.txt + ## v18.2.0.0 * Upgrade to [Cumulus v18.2.0](https://github.com/nasa/cumulus/releases/tag/v18.2.0) * update required terraform version to `>= 1.5` in all CIRRUS modules matching the requirements