
Commit ef0fabe

fix(RELEASE-2180): resolve Python package vulnerabilities (#648)
release-service-utils contained vulnerable packages for two reasons:

- Its dependency, pubtools-pyxis, pinned urllib3 to an old vulnerable version. A new version without this constraint was released and bumped in pyproject.toml.
- The supported Python version in pyproject.toml was >=3.9. Version 3.9 is no longer officially supported, which caused the uv lockfile to contain old package versions that are no longer getting updated for 3.9. It was fixed by bumping the minimum Python version to 3.10.

Signed-off-by: Lubomir Gallovic <lgallovi@redhat.com>
1 parent b57de05 commit ef0fabe

2 files changed

Lines changed: 71 additions & 762 deletions

File tree

pyproject.toml

Lines changed: 2 additions & 2 deletions
@@ -3,7 +3,7 @@ name = "release-service-utils"
33
version = "0.1.0"
44
description = "Konflux Release Service Utils"
55
readme = "README.md"
6-
requires-python = ">=3.9"
6+
requires-python = ">=3.10"
77
dependencies = [
88
"jinja2",
99
"check-jsonschema",
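Review bot: raising `requires-python` from `">=3.9"` to `">=3.10"` is a breaking change for any consumer or CI image still on 3.9, and nothing in this hunk records that; the commit message explains the motivation (3.9 is out of support, so the uv lockfile was stuck on stale package versions), but that rationale should also land where downstream users will see it, e.g. a changelog or release-notes entry. The page lists 2 files changed with 71 additions and 762 deletions, so the regenerated lockfile is presumably the second file; since it is not shown here, reviewers should confirm the lock was actually re-resolved under the new floor rather than just edited, otherwise the old pins that motivated this change survive.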
@@ -15,7 +15,7 @@ dependencies = [
1515
"pubtools-exodus==1.5.2",
1616
"pubtools-marketplacesvm==1.9.0",
1717
"pubtools-sign==1.0.6",
18-
"pubtools-pyxis==1.3.7",
18+
"pubtools-pyxis==1.3.8",
1919
"pulp-cli==0.36.3",
2020
"diffused-lib==0.3.0",
2121
]
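Review bot: bumping the pin to `"pubtools-pyxis==1.3.8"` only removes the urllib3 constraint at the declaration level; the hunk does not show which urllib3 version the resolver now selects, so the fix is unverified until the regenerated lockfile is checked for a patched urllib3 and no other package re-introduces the old ceiling. Suggest adding a dependency-audit step to CI (e.g. a `pip-audit` run against the lockfile) so a future pin or transitive constraint cannot silently reintroduce a known-vulnerable version.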

0 commit comments
