drm/ci: Upgrade requests requirement to 2.32.0
GitHub Dependabot has issued the following alert:

"build(deps): bump requests from 2.31.0 to 2.32.2 in
 /drivers/gpu/drm/ci/xfails.

 When making requests through a Requests Session, if the first
 request is made with verify=False to disable cert verification,
 all subsequent requests to the same origin will continue to ignore
 cert verification regardless of changes to the value of verify.
 This behavior will continue for the lifecycle of the connection in
 the connection pool.

 Severity: 5.6 / 10 (Moderate)
 Attack vector:          Local
 Attack complexity:       High
 Privileges required:     High
 User interaction:    Required
 Scope:              Unchanged
 Confidentiality:         High
 Integrity:               High
 Availability:            None
 CVE ID:        CVE-2024-35195"

To avoid disturbing everyone with the kernel repo hosted on GitHub,
I suggest we upgrade our python dependencies once again to appease
GitHub Dependabot.

Link: https://github.com/dependabot
Link: psf/requests#6655
Signed-off-by: WangYuli <[email protected]>
Avenger-285714 authored and intel-lab-lkp committed Sep 18, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 64a950a commit 08731b0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/gpu/drm/ci/xfails/requirements.txt
@@ -7,7 +7,7 @@ charset-normalizer==3.2.0
idna==3.4
pip==23.3
python-gitlab==3.15.0
requests==2.31.0
requests==2.32.0
requests-toolbelt==1.0.0
ruamel.yaml==0.17.32
ruamel.yaml.clib==0.2.7
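
Review bot: The new pin `requests==2.32.0` does not match the Dependabot alert quoted in the commit message, which asks for a bump from 2.31.0 to 2.32.2 in /drivers/gpu/drm/ci/xfails. If 2.32.0 is deliberate, the commit message should state why that release is sufficient for CVE-2024-35195; otherwise pin `requests==2.32.2` so the version in requirements.txt is the one the alert names and the alert does not reopen.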
