This is an automated email from the ASF dual-hosted git repository.
hello-stephen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 8f65b7ccb41 [fix](build) Update pytest dependency pins for security
advisories (#63188)
8f65b7ccb41 is described below
commit 8f65b7ccb41f35e1f88a754dd7caf7038c287c7a
Author: Arpit Jain <[email protected]>
AuthorDate: Fri Jul 10 17:46:38 2026 +0900
[fix](build) Update pytest dependency pins for security advisories (#63188)
Problem Summary:
`pytest/requirements.txt` currently pins several dependencies to
vulnerable versions flagged by Dependabot. This PR updates the pinned
versions for `certifi`, `idna`, `PyMySQL`, `requests`, and `urllib3` to
patched releases so the pytest tooling dependencies are no longer on
known vulnerable ranges.
Signed-off-by: Arpit Jain <[email protected]>
---
pytest/requirements.txt | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/pytest/requirements.txt b/pytest/requirements.txt
index 17804c41fb2..4d3384b8973 100644
--- a/pytest/requirements.txt
+++ b/pytest/requirements.txt
@@ -17,23 +17,22 @@
attrs==23.1.0
boltons==23.0.0
-certifi==2023.7.22
+certifi==2024.7.4
charset-normalizer==3.2.0
-idna==3.4
+idna==3.7
kafka-python==2.0.2
numpy==1.24.2
petl==1.7.12
pexpect==4.8.0
ptyprocess==0.7.0
pycurl==7.45.2
-PyMySQL==1.0.3
+PyMySQL==1.1.1
pytest==7.4.0
pytest-html==3.2.0
pytest-metadata==3.0.0
pytest-timeout==2.1.0
python-dateutil==2.8.2
pytz==2023.3
-requests==2.28.2
+requests==2.32.4
six==1.16.0
-urllib3==1.26.1
-
+urllib3==2.6.3
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]