drm/ci: make github dependabot happy again

The drm CI scripts for gitlab have a requirements file that makes the github 'dependabot' worry about a few of the required tooling versions. It wants to update the pip requirements from 23.2.1 to 23.3: "When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (e.g. --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial" and upgrade the urllib3 requirements from 2.0.4 to 2.0.7 due to two issues: "urllib3's request body not stripped after redirect from 303 status changes request method to GET" "`Cookie` HTTP header isn't stripped on cross-origin redirects" The file also ends up not having a newline at the end, that my editor ends up wanting to fix automatically. Link: https://github.com/dependabot Tested-by: Helen Koike <helen.koike@collabora.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
pingxiang-chen · Nov 13, 2023 · 58c09ca · 58c09ca
1 parent b85ea95
commit 58c09ca
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -5,13 +5,13 @@ termcolor==2.3.0
 certifi==2023.7.22
 charset-normalizer==3.2.0
 idna==3.4
-pip==23.2.1
+pip==23.3
 python-gitlab==3.15.0
 requests==2.31.0
 requests-toolbelt==1.0.0
 ruamel.yaml==0.17.32
 ruamel.yaml.clib==0.2.7
 setuptools==68.0.0
 tenacity==8.2.3
-urllib3==2.0.4
-wheel==0.41.1
+urllib3==2.0.7
+wheel==0.41.1