Update dependencies with poetry update #219

emlowe · 2024-10-30T22:50:31Z

❯ poetry update
Updating dependencies
Resolving dependencies... (4.0s)

Package operations: 1 install, 12 updates, 0 removals

  - Updating idna (3.8 -> 3.10)
  - Updating urllib3 (2.2.2 -> 2.2.3)
  - Updating zipp (3.20.1 -> 3.20.2)
  - Updating frozenlist (1.4.1 -> 1.5.0)
  - Updating more-itertools (10.4.0 -> 10.5.0)
  - Updating multidict (6.0.5 -> 6.1.0)
  - Installing propcache (0.2.0)
  - Updating bitarray (2.9.2 -> 2.9.3)
  - Updating cffi (1.17.0 -> 1.17.1)
  - Updating s3transfer (0.10.2 -> 0.10.3)
  - Updating yarl (1.9.8 -> 1.17.1)
  - Updating httpcore (1.0.5 -> 1.0.6)
  - Updating sqlalchemy (1.4.53 -> 1.4.54)

socket-security · 2024-10-30T22:50:56Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
pypi/[email protected]	None	`0`	0 B
pypi/[email protected]	None	`0`	0 B
pypi/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+357`	926 MB
pypi/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+303`	880 MB
pypi/[email protected]	filesystem, network	`0`	1.14 MB	kjd
pypi/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+112`	71.5 MB
pypi/[email protected]	eval, filesystem, unsafe Transitive: environment, network, shell	`+108`	23 MB	bbayles, erikrose
pypi/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+347`	924 MB
pypi/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+309`	881 MB
pypi/[email protected]	environment, eval, filesystem, network, shell	`0`	1.79 MB	jonathan.slenders
pypi/[email protected]	environment, filesystem Transitive: eval, network, shell, unsafe	`+347`	924 MB	bdraco
pypi/pywin32@308	None	`0`	0 B
pypi/[email protected]	None	`0`	0 B
pypi/[email protected]	environment, eval, filesystem, network, shell, unsafe	`+305`	880 MB	CaselIT
pypi/[email protected]	environment Transitive: eval, filesystem, network, shell	`+2`	364 kB	hugovk
pypi/[email protected]	filesystem	`0`	51 kB	encukou, hauntsaninja, hukkin
pypi/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+303`	880 MB
pypi/[email protected]	environment, eval, filesystem, network, shell Transitive: unsafe	`+353`	931 MB	gaborbernat, pf_moore
pypi/[email protected]	environment	`0`	1.3 MB	Andrew.Svetlov, webknjaz
pypi/[email protected]	eval, filesystem, unsafe Transitive: environment, network, shell	`+318`	881 MB	jaraco

🚮 Removed packages: pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/pywin32@306, pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected]

View full report↗︎

socket-security · 2024-10-30T22:50:58Z

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

emlowe · 2024-10-30T23:11:44Z

@SocketSecurity ignore-all

Update dependencies with poetry update

f674e04

emlowe requested review from wwills2 and TheLastCicada October 30, 2024 23:46

TheLastCicada approved these changes Oct 31, 2024

View reviewed changes

TheLastCicada merged commit f2c60a5 into develop Oct 31, 2024
37 checks passed

TheLastCicada deleted the EL.update-dependencies branch October 31, 2024 00:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependencies with poetry update #219

Update dependencies with poetry update #219

emlowe commented Oct 30, 2024

socket-security bot commented Oct 30, 2024 •

edited

Loading

socket-security bot commented Oct 30, 2024 •

edited

Loading

emlowe commented Oct 30, 2024

Update dependencies with poetry update #219

Update dependencies with poetry update #219

Conversation

emlowe commented Oct 30, 2024

socket-security bot commented Oct 30, 2024 • edited Loading

socket-security bot commented Oct 30, 2024 • edited Loading

Next steps

emlowe commented Oct 30, 2024

socket-security bot commented Oct 30, 2024 •

edited

Loading

socket-security bot commented Oct 30, 2024 •

edited

Loading