Fixed safety issues raised for newly added dependencvies

Signed-off-by: Andreas Maier <[email protected]>
zhmcclient · Oct 8, 2024 · 7d20408 · 7d20408
1 parent 543cadb
commit 7d20408
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 32 deletions.
diff --git a/.safety-policy-develop.yml b/.safety-policy-develop.yml
@@ -26,20 +26,6 @@ security:
     #     reason: {text}    # optional: Reason for ignoring it. Will be reported in the Safety reports
     #     expires: {date}   # optional: Date when this ignore will expire
     ignore-vulnerabilities:
-        44634:
-            reason: Fixed ipython version 6.0.0 cannot be used without major work on dependencies; Risk is minimal since these versions are used only in development
-        50463:
-            reason: Fixed ipywidgets version 8.0.0 cannot be used without major work on dependencies; Risk is minimal since these versions are used only in development
-        50664:
-            reason: Fixed ipywidgets version 8.0.0 cannot be used without major work on dependencies; Risk is minimal since these versions are used only in development
-        50792:
-            reason: Fixed nbconvert version 6.5.1 cannot be used without major work on dependencies; Risk is minimal since these versions are used only in development
-        51457:
-            reason: Py package is no longer being fixed (latest version 1.11.0)
-        53269:
-            reason: Fixed ipython version 8.1.0 cannot be used without major work on dependencies; Risk is minimal since these versions are used only in development
-        68477:
-            reason: Fixed virtualenv version 20.21.0 requires Python>=3.7 but is used only on Python>=3.12 due to other constraints
         70612:
             reason: Disputed issue in jinja2 version 3.1.3 - No known fix
 

diff --git a/.safety-policy-install.yml b/.safety-policy-install.yml
@@ -26,10 +26,6 @@ security:
     #     reason: {text}    # optional: Reason for ignoring it. Will be reported in the Safety reports
     #     expires: {date}   # optional: Date when this ignore will expire
     ignore-vulnerabilities:
-        39611:
-            reason: Fixed version PyYAML 5.4.0 (and 6.0.0) fails to install since Cython 3 was released; No risk since full_load method and FullLoader are not used
-        67599:
-            reason: There is no fixed pip version
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -124,7 +124,7 @@ ruff>=0.3.5
 #       dependency resolution, so for now we pin notebook to <6.5.
 # TODO: Re-enable for Python 3.13 on Windows once pywin32 install issue is solved, see
 #       https://github.com/mhammond/pywin32/issues/2367
-notebook>=7.1.2; sys_platform != 'win32' or python_version <= '3.12'
+notebook>=7.2.2; sys_platform != 'win32' or python_version <= '3.12'
 jupyter>=1.0.0; sys_platform != 'win32' or python_version <= '3.12'
 jupyter-console>=6.6.3; sys_platform != 'win32' or python_version <= '3.12'
 ipywidgets>=8.0.5; sys_platform != 'win32' or python_version <= '3.12'
@@ -139,9 +139,9 @@ jupyterlab-pygments>=0.2.0; sys_platform != 'win32' or python_version <= '3.12'
 jupyter-core>=5.3.0; sys_platform != 'win32' or python_version <= '3.12'
 ipython-genutils>=0.2.0; sys_platform != 'win32' or python_version <= '3.12'
 ipython>=8.10.0; sys_platform != 'win32' or python_version <= '3.12'
-jupyter-server>=2.5.0; sys_platform != 'win32' or python_version <= '3.12'
-jupyterlab>=4.1.1; sys_platform != 'win32' or python_version <= '3.12'
-jupyterlab-server>=2.22.1; sys_platform != 'win32' or python_version <= '3.12'
+jupyter-server>=2.14.1; sys_platform != 'win32' or python_version <= '3.12'
+jupyterlab>=4.2.5; sys_platform != 'win32' or python_version <= '3.12'
+jupyterlab-server>=2.27.1; sys_platform != 'win32' or python_version <= '3.12'
 notebook-shim>=0.2.3; sys_platform != 'win32' or python_version <= '3.12'
 
 # Pywin32 is used (at least?) by jupyter.
@@ -172,9 +172,8 @@ pip-check-reqs>=2.4.3,!=2.5.0; python_version == '3.8'
 pip-check-reqs>=2.5.1; python_version >= '3.9'
 
 # pywinpty is used by terminado <- notebook <- jupyter
-# pywinpty <1.1.1 does not have metadata for required Python or dependent packages.
-# pywinpty 1.0 requires maturin which fails installation on py>=3.7
-pywinpty>=2.0.3; os_name == "nt"
+# pywinpty>=1.0 requires maturin to build. Meanwhile, it works.
+pywinpty>=2.0.12; os_name == "nt"
 
 # pytz is actually covered in requirements.txt, but we need to repeat it here
 # because development packages pull it in, so the exclusion of 2024.2 is active

diff --git a/minimum-constraints-develop.txt b/minimum-constraints-develop.txt
@@ -107,7 +107,7 @@ ruff==0.3.5
 # Jupyter Notebook (no imports, invoked via jupyter script):
 # TODO: Re-enable for Python 3.13 on Windows once pywin32 install issue is solved, see
 #       https://github.com/mhammond/pywin32/issues/2367
-notebook==7.1.2; sys_platform != 'win32' or python_version <= '3.12'
+notebook==7.2.2; sys_platform != 'win32' or python_version <= '3.12'
 jupyter==1.0.0; sys_platform != 'win32' or python_version <= '3.12'
 jupyter-console==6.6.3; sys_platform != 'win32' or python_version <= '3.12'
 ipywidgets==8.0.5; sys_platform != 'win32' or python_version <= '3.12'
@@ -122,9 +122,9 @@ jupyterlab-pygments==0.2.0; sys_platform != 'win32' or python_version <= '3.12'
 jupyter-core==5.3.0; sys_platform != 'win32' or python_version <= '3.12'
 ipython-genutils==0.2.0; sys_platform != 'win32' or python_version <= '3.12'
 ipython==8.10.0; sys_platform != 'win32' or python_version <= '3.12'
-jupyter-server==2.5.0; sys_platform != 'win32' or python_version <= '3.12'
-jupyterlab==4.1.1; sys_platform != 'win32' or python_version <= '3.12'
-jupyterlab-server==2.22.1; sys_platform != 'win32' or python_version <= '3.12'
+jupyter-server==2.14.1; sys_platform != 'win32' or python_version <= '3.12'
+jupyterlab==4.2.5; sys_platform != 'win32' or python_version <= '3.12'
+jupyterlab-server==2.27.1; sys_platform != 'win32' or python_version <= '3.12'
 notebook-shim==0.2.3; sys_platform != 'win32' or python_version <= '3.12'
 
 # Pywin32 is used (at least?) by jupyter.
@@ -145,7 +145,7 @@ pip-check-reqs==2.4.3; python_version <= '3.8'
 pip-check-reqs==2.5.1; python_version >= '3.9'
 
 # pywinpty is used by terminado <- notebook <- jupyter
-pywinpty==2.0.3; os_name == "nt"
+pywinpty==2.0.12; os_name == "nt"
 
 # Indirect dependencies for development that are not in dev-requirements.txt
 
@@ -191,13 +191,12 @@ pkginfo==1.4.2
 pyproject-api==1.6.1  # used by tox since its 4.0.0
 prometheus-client==0.13.1
 ptyprocess==0.5.1
-py==1.11.0
 pyparsing==3.0.7
 pywin32-ctypes==0.2.0; sys_platform=="win32"  # used by keyring
 rfc3986==1.4.0
 rich==12.0.0
 scandir==1.9.0
-Send2Trash==1.8.0
+Send2Trash==1.8.2
 simplegeneric==0.8.1
 smmap2==2.0.1
 sniffio==1.3.0