Safety issues

andy-maier · andy-maier · commit ee0c02c83858 · 2026-02-10T06:30:05.000+01:00
Signed-off-by: Andreas Maier &lt;andreas.r.maier@gmx.de&gt;
diff --git a/.safety-policy-develop.yml b/.safety-policy-develop.yml
@@ -28,6 +28,8 @@ security:
             reason: The py package is no longer being fixed (latest version 1.11.0)
         70612:
             reason: Disputed issue in jinja2 version 3.1.3 - No known fix
+        82754:
+            reason: Fixed filelock version 3.20.1 requires Python>=3.10 and is used there
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False
diff --git a/changes/noissue.safety.fix.rst b/changes/noissue.safety.fix.rst
@@ -0,0 +1 @@
+Fixed safety issues up to 2026-02-09.
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -43,8 +43,8 @@ typer-cli>=0.16.0
 typer-slim>=0.16.0
 # safety 3.4.0 depends on psutil~=6.1.0
 psutil~=6.1.0
-# safety 3.4.0 requires filelock~=3.16.1
-filelock~=3.16.1
+filelock>=3.16.1; python_version <= '3.9'
+filelock>=3.20.1; python_version >= '3.10'
 
 # PyYAML is pulled in by dparse
 # PyYAML is also pulled in by dparse and python-coveralls
diff --git a/minimum-constraints-develop.txt b/minimum-constraints-develop.txt
@@ -38,7 +38,7 @@ dparse==0.6.4
 ruamel.yaml==0.17.21
 click==8.0.2
 Authlib==1.6.5
-marshmallow==3.15.0
+marshmallow==3.26.2
 pydantic==2.8.0; python_version == '3.8'
 pydantic==2.12.0; python_version >= '3.9'
 pydantic_core==2.20.0; python_version == '3.8'
@@ -47,7 +47,8 @@ typer==0.16.0
 typer-cli==0.16.0
 typer-slim==0.16.0
 psutil==6.1.0
-filelock==3.16.1
+filelock==3.16.1; python_version <= '3.9'
+filelock==3.20.1; python_version >= '3.10'
 
 # PyYAML is pulled in by dparse
 PyYAML==6.0.2
@@ -166,7 +167,7 @@ tenacity==8.5.0
 toml==0.10.0
 tomli==2.0.1
 tqdm==4.66.3
-urllib3==2.5.0
+urllib3==2.6.3
 wcwidth==0.1.7
 webencodings==0.5.1
 zipp==3.19.1
