Commit ef0fabe
fix(RELEASE-2180): resolve Python package vulnerabilities (#648)

release-service-utils contained vulnerable packages for two reasons:
- its dependency, pubtools-pyxis, pinned urllib3 to an old
  vulnerable version. A new version without this constraint was
  released and bumped in pyproject.toml
- The supported Python version in pyproject.toml was >=3.9. Version
  3.9 is no longer officially supported, which caused the uv
  lockfile to contain old package versions that are no longer getting
  updated for 3.9. It was fixed by bumping minimum Python version to
  3.10.

Signed-off-by: Lubomir Gallovic <lgallovi@redhat.com>

1 parent b57de05 commit ef0fabe
2 files changed
Lines changed: 71 additions & 762 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
6 | | - | |
| 6 | + | |
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| |||
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
18 | | - | |
| 18 | + | |
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
| |||