ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

deps: pin transitive dependencies for security fixes

Browse Source 
- urllib3>=2.6.3 (CVE-2025-43859)
- jaraco.context>=6.1.0 (GHSA-58pv-8j8x-9vj2)
- setuptools>=80.0 (vendored jaraco.context)

reduces High vulnerabilities from 6 to 3
This commit is contained in:
Username
2026-01-18 09:16:08 +01:00
parent a736bce346
commit 0fc45587cd
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pyproject.toml
View File

@@ -7,6 +7,9 @@ requires-python = ">=3.11"
dependencies = [ dependencies = [
"flask>=3.0", "flask>=3.0",
"cryptography>=42.0", "cryptography>=42.0",
# Security fixes (transitive dependency pins)
"urllib3>=2.6.3",
"jaraco.context>=6.1.0",
] ]
[project.optional-dependencies] [project.optional-dependencies]

5
requirements.txt
View File

@@ -9,3 +9,8 @@ prometheus-flask-exporter>=0.23
# PKI support (optional) # PKI support (optional)
cryptography>=42.0 cryptography>=42.0
# Security fixes (transitive dependency pins)
urllib3>=2.6.3
jaraco.context>=6.1.0
setuptools>=80.0