From 28b1cbb2f350d78db48a691744ec0b6ed1ca99cf Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 9 Mar 2024 17:29:51 +0000
Subject: [PATCH 1/3] fix: requirements/base.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6261585
- https://snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713
- https://snyk.io/vuln/SNYK-PYTHON-FLASKAPPBUILDER-6305197
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
---
 requirements/base.txt | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index df8f3ea5572fa..15d176f20805d 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -78,7 +78,7 @@ cron-descriptor==1.2.24 # via apache-superset croniter==1.0.15 # via apache-superset -cryptography==41.0.2 +cryptography==42.0.4 # via # apache-superset # paramiko
@@ -86,7 +86,7 @@ deprecated==1.2.13 # via limits deprecation==2.1.0 # via apache-superset -dnspython==2.1.0 +dnspython==2.6.1 # via email-validator email-validator==1.1.3 # via flask-appbuilder
@@ -106,7 +106,7 @@ flask==2.2.5 # flask-session # flask-sqlalchemy # flask-wtf -flask-appbuilder==4.3.10 +flask-appbuilder==4.3.11 # via apache-superset flask-babel==1.0.0 # via flask-appbuilder
@@ -173,7 +173,7 @@ itsdangerous==2.1.2 # via # flask # flask-wtf -jinja2==3.1.2 +jinja2==3.1.3 # via # flask # flask-babel
@@ -355,7 +355,7 @@ tzdata==2023.3 # via pandas url-normalize==1.4.3 # via requests-cache -urllib3==1.26.6 +urllib3==1.26.18 # via # requests # requests-cache
@@ -393,3 +393,4 @@ zipp==3.15.0 # The following packages are considered to be unsafe in a requirements file: # setuptools +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
From 68adeff97ba2e5347dfb1bc5dbd2eabc36033293 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 11 Mar 2024 00:10:17 +0000
Subject: [PATCH 2/3] fix: superset-frontend/plugins/plugin-chart-pivot-table/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
---
 superset-frontend/plugins/plugin-chart-pivot-table/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/superset-frontend/plugins/plugin-chart-pivot-table/package.json b/superset-frontend/plugins/plugin-chart-pivot-table/package.json
index 4537c88b3979c..d4f143f27e4a4 100644
--- a/superset-frontend/plugins/plugin-chart-pivot-table/package.json
+++ b/superset-frontend/plugins/plugin-chart-pivot-table/package.json
@@ -39,6 +39,6 @@
 "devDependencies": {
 "@babel/types": "^7.13.12",
 "@types/jest": "^26.0.0",
- "jest": "^26.0.1"
+ "jest": "^27.0.0"
 }
 }
From c8ffe6ed8768f0b352d031dea9bafe503f944e43 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 11 Mar 2024 00:11:41 +0000
Subject: [PATCH 3/3] fix: superset-frontend/plugins/plugin-chart-handlebars/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
---
 superset-frontend/plugins/plugin-chart-handlebars/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/superset-frontend/plugins/plugin-chart-handlebars/package.json b/superset-frontend/plugins/plugin-chart-handlebars/package.json
index 8fcb8ab599fb4..8337d3bcd686b 100644
--- a/superset-frontend/plugins/plugin-chart-handlebars/package.json
+++ b/superset-frontend/plugins/plugin-chart-handlebars/package.json
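Review bot: The `setuptools>=65.5.1` line added in the `@@ -393,3 +393,4 @@` hunk of requirements/base.txt is an open-ended range in a file where every other entry is an exact `==` pin, so installs of this one package are no longer reproducible and a later release can be pulled in without review. It is appended directly beneath the file's own comment that setuptools is considered unsafe to list in a requirements file. The `# via` annotations suggest this file is compiler output, in which case a hand-added line will probably disappear on the next regeneration and the fix with it. I would declare the floor in whatever input or constraints file the compiler reads (not visible in this patch) and commit the regenerated exact pin, i.e. `setuptools==<PINNED_VERSION>` in place of the range.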
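Review bot: In the pivot-table `@@ -39,6 +39,6 @@` hunk `jest` moves to `^27.0.0` while `@types/jest` two lines above stays at `^26.0.0`, and the handlebars plugin's `@@ -43,6 +43,6 @@` hunk moves the same package to `^28.0.0`, so the two plugins end up on different majors of the test runner with type definitions for a third. Both diffstats show only package.json changed; if the frontend installs from a lockfile (not visible here), the transitive packages named in the commit messages likely stay resolved at their old versions until that lockfile is regenerated, and the advisories would remain open despite the commit titles. I would put both plugins on the same jest major, raise the types to match it (e.g. `"@types/jest": "^27.0.0"` for the pivot-table plugin), and include the lockfile update in the same change so the fix can be verified from the resolved tree.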
@@ -43,6 +43,6 @@
 "devDependencies": {
 "@types/jest": "^26.0.0",
 "@types/lodash": "^4.14.149",
- "jest": "^26.0.1"
+ "jest": "^28.0.0"
 }
 }