author | Stephan T. Lavavej <stl@nuwen.net> | 2024-08-24 09:51:08 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-24 09:51:08 -0700 |
commit | 7036394048a963dd23f1a2da269089224e30d0b2 (patch) | |
tree | 17bf6c7c3f92024fa24867c837acc547a2f0996b /llvm/lib/Support/VirtualFileSystem.cpp | |
parent | 65b7cbbd8735b90933369364153b982d498f649a (diff) | |

Update Python requirements to fix more CVEs (#105853)

Followup to #90109.

In Microsoft, our automated scans are warning that LLVM has vulnerable
dependencies. Specifically:

* [CVE-2024-35195](https://nvd.nist.gov/vuln/detail/CVE-2024-35195) was
fixed in `requests` 2.32.0.
* [CVE-2024-37891](https://nvd.nist.gov/vuln/detail/CVE-2024-37891) was
fixed in `urllib3` 2.2.2.

I've updated LLVM's dependencies by running the following commands in
`llvm/utils/git`:

```
pip-compile --upgrade --generate-hashes --output-file=requirements.txt requirements.txt.in
pip-compile --upgrade --generate-hashes --output-file=requirements_formatting.txt requirements_formatting.txt.in
```

Note that for `requirements_formatting.txt` this adds
`--generate-hashes` (according to my vague understanding, it's highly
desirable and was already used for `requirements.txt`) and was locally
run within `llvm/utils/git` (changing the recorded command, which
apparently was originally run from the repo root - again,
`requirements.txt` was already being regenerated with a locally run
command, so this increases consistency).

I observe that this has updated the relevant components to pick up the
CVE fixes. Note that I am largely clueless in this area, so I hope that
(like #90109) no other changes will be necessary.

Diffstat (limited to 'llvm/lib/Support/VirtualFileSystem.cpp')
0 files changed, 0 insertions, 0 deletions
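
A way to confirm that a regenerated lock file carries the two fixed versions named in the commit message and that every pin has a hash, as an added example that is not part of the commit or of LLVM's tooling. It assumes the `pip-compile --generate-hashes` layout with plain numeric release versions; `parse_lock`, `below`, `audit` and the sample file contents are constructed for illustration.

```python
import re

# Fixed-in versions as stated in the commit message.
FIXED = {"requests": (2, 32, 0), "urllib3": (2, 2, 2)}
# name, optional [extras], then a numeric release version (assumption: no pre-releases).
PIN = re.compile(r"^([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?==([0-9]+(?:\.[0-9]+)*)")
H = "0" * 64  # constructed placeholder digest, not a real package hash
SAMPLE = f"""\
# constructed sample in pip-compile --generate-hashes layout
requests==2.31.0 \\
    --hash=sha256:{H}
    # via -r requirements.txt.in
urllib3==2.2.2 \\
    --hash=sha256:{H} \\
    --hash=sha256:{H}
    # via requests
black==23.12.1
    # via -r requirements_formatting.txt.in
"""

def parse_lock(text):
    """Return {normalised name: (version tuple, number of sha256 hashes)}."""
    # Join backslash-continued lines so each requirement is one logical line.
    logical = re.sub(r"\\\r?\n", " ", text)
    pins = {}
    for line in logical.splitlines():
        m = PIN.match(line.strip())
        if not m:
            continue  # comments, blank lines, "# via" annotations
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name form
        version = tuple(int(p) for p in m.group(2).split("."))
        hashes = len(re.findall(r"--hash=sha256:[0-9a-f]{64}", line))
        pins[name] = (version, hashes)
    return pins

def below(version, minimum):
    """Compare release tuples after zero-padding, so 2.32 equals 2.32.0."""
    n = max(len(version), len(minimum))
    return version + (0,) * (n - len(version)) < minimum + (0,) * (n - len(minimum))

def audit(text, fixed=FIXED):
    """List pins lacking a hash, then pins older than their fixed version."""
    pins = parse_lock(text)
    fmt = lambda v: ".".join(map(str, v))
    findings = [f"{n}: pinned without --hash"
                for n, (_, count) in sorted(pins.items()) if count == 0]
    findings += [f"{n} {fmt(pins[n][0])} is below fixed version {fmt(m)}"
                 for n, m in sorted(fixed.items())
                 if n in pins and below(pins[n][0], m)]
    return findings
```

Running `audit` on the contents of `requirements.txt` and `requirements_formatting.txt` after regeneration should return an empty list for both.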