Re: [PATCH 1/1] python: Update requirements.txt for security issues

[Heinrich Schuchardt]

On 5/30/23 21:50, Tom Rini wrote:

Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information

Signed-off-by: Tom Rini <tr...@konsulko.com>

Documentation builds fine with the patch.

Tested-by: Heinrich Schuchardt <xypron.g...@gmx.de>

---
Cc: Simon Glass <s...@chromium.org>
Cc: Heinrich Schuchardt <xypron.g...@gmx.de>
---
  doc/sphinx/requirements.txt | 2 +-
  test/py/requirements.txt    | 4 ++--
  2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt
index f9f6cc6e928b..aed449211711 100644
--- a/doc/sphinx/requirements.txt
+++ b/doc/sphinx/requirements.txt
@@ -11,7 +11,7 @@ packaging==21.3
  Pygments==2.11.2
  pyparsing==3.0.7
  pytz==2022.1
-requests==2.27.1
+requests==2.31.0
  six==1.16.0
  snowballstemmer==2.2.0
  Sphinx==3.4.3
diff --git a/test/py/requirements.txt b/test/py/requirements.txt
index 86d6266053fd..f7e76bdb9181 100644
--- a/test/py/requirements.txt
+++ b/test/py/requirements.txt
@@ -20,8 +20,8 @@ pytest==6.2.5
  pytest-xdist==2.5.0
  python-mimeparse==1.6.0
  python-subunit==1.3.0
-requests==2.27.1
-setuptools==58.3.0
+requests==2.31.0
+setuptools==65.5.1
  six==1.16.0
  testtools==2.3.0
  traceback2==1.4.0