Update dependencies to fix vulnerabilities (2026-06-01) #86

Merged
ckunki merged 3 commits into main from dependency-update/2026-06-01
Jun 1, 2026
@github-actions github-actions Bot commented Jun 1, 2026

Automated dependency update for poetry.lock.
This PR was created by the workflow dependency-update.yml

Please perform the following actions on a locally checked out branch:

  • Execute poetry run -- nox -s workflow:generate -- all
    • removed workflows .github/workflows/matrix-all.yml and .github/workflows/matrix-exasol.yml
  • Use poetry run -- nox -s dependency:audit to check for vulnerabilities requiring manual action
    • Updated pytest
  • Update file doc/changes/unreleased.md
    • not updated

@ckunki ckunki closed this Jun 1, 2026
@ckunki ckunki reopened this Jun 1, 2026
@ckunki ckunki temporarily deployed to manual-approval June 1, 2026 07:13 — with GitHub Actions Inactive
.github/workflows/matrix-all.yml
.github/workflows/matrix-exasol.yml
ckunki commented Jun 1, 2026

poetry run -- nox -s dependency:audit

prints

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern,
which allows local users to cause a denial of service or possibly gain privileges.",

File pyproject.toml would allow newer versions

[dependency-groups]
dev = [
    "pytest>=7.1.2,<10",
    "prysk[pytest-plugin]>=0.15.1",
    "exasol-toolbox>=8.1.1, <9",
]

Should pytest be updated?
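
The audit message above concerns the predictable `/tmp/pytest-of-{user}` directory name. As an added example (not code from this PR, the project, or pytest), the following check reports whether such a directory was pre-created by someone else, is a symlink, or is accessible to group/other. The function name `audit_pytest_tmp`, the users `alice` and `bob`, and the temporary base directory are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_pytest_tmp(base, user, uid):
    """Return findings for <base>/pytest-of-<user>; an empty list means no issue."""
    path = os.path.join(base, f"pytest-of-{user}")
    try:
        st = os.lstat(path)  # lstat so a planted symlink is not followed
    except FileNotFoundError:
        return []  # nothing pre-created under the predictable name
    if stat.S_ISLNK(st.st_mode):
        return [f"{path} is a symlink to {os.readlink(path)}"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} exists but is not a directory"]
    findings = []
    if st.st_uid != uid:
        findings.append(f"{path} is owned by uid {st.st_uid}, expected {uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"{path} has mode {mode:04o}, group/other access is set")
    return findings


def demo():
    """Run the audit over constructed directories in a private temp dir."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as base:
        results["absent"] = audit_pytest_tmp(base, "alice", uid)
        private = os.path.join(base, "pytest-of-alice")
        os.mkdir(private)
        os.chmod(private, 0o700)
        results["private"] = audit_pytest_tmp(base, "alice", uid)
        results["foreign"] = audit_pytest_tmp(base, "alice", uid + 1)
        os.chmod(private, 0o777)
        results["open"] = audit_pytest_tmp(base, "alice", uid)
        os.symlink(private, os.path.join(base, "pytest-of-bob"))
        results["symlink"] = audit_pytest_tmp(base, "bob", uid)
    return results


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "ok")
```

On a shared CI runner the same function can be pointed at the real temp directory with the account name and uid of the user that runs the test suite.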

@ckunki ckunki temporarily deployed to manual-approval June 1, 2026 07:51 — with GitHub Actions Inactive
@ckunki ckunki merged commit 5c5378b into main Jun 1, 2026
31 checks passed
@ckunki ckunki deleted the dependency-update/2026-06-01 branch June 1, 2026 09:00