From patchwork Wed Sep 18 13:06:42 2024
X-Patchwork-Submitter: WangYuli
X-Patchwork-Id: 13806888
From: WangYuli
To: helen.koike@collabora.com, maarten.lankhorst@linux.intel.com, mripard@kernel.org, tzimmermann@suse.de, airlied@gmail.com, simona@ffwll.ch, wangyuli@uniontech.com, david.heidelberg@collabora.com
Cc: dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, guanwentao@uniontech.com, zhanjun@uniontech.com
Subject: [PATCH 3/4] drm/ci: Upgrade idna requirement to 3.7
Date: Wed, 18 Sep 2024 21:06:42 +0800
Message-ID: <72EEE7B8B5E98035+20240918130725.448656-4-wangyuli@uniontech.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240918130725.448656-1-wangyuli@uniontech.com>
References: <20240918130725.448656-1-wangyuli@uniontech.com>

GitHub Dependabot has issued the following alert:

"build(deps): bump idna from 3.4 to 3.7 in /drivers/gpu/drm/ci/xfails.

A specially crafted argument to the function could consume significant resources. This may lead to a denial-of-service.

The function has been refined to reject such strings without the associated resource consumption in version 3.7.

Severity: 6.9 / 10 (Moderate)
Attack vector: Local
Attack complexity: Low
Attack Requirements: None
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None
Availability: High
CVE ID: CVE-2024-3651"

To avoid disturbing everyone with the kernel repo hosted on GitHub, I suggest we upgrade our python dependencies once again to appease GitHub Dependabot.

Link: https://github.com/dependabot
Link: https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb
Signed-off-by: WangYuli --- drivers/gpu/drm/ci/xfails/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt index f69b58356a37..8b2b1fa16614 100644 --- a/drivers/gpu/drm/ci/xfails/requirements.txt +++ b/drivers/gpu/drm/ci/xfails/requirements.txt @@ -4,7 +4,7 @@ termcolor==2.3.0 # ci-collate dependencies certifi==2023.7.22 charset-normalizer==3.2.0 -idna==3.4 +idna==3.7 pip==23.3 python-gitlab==3.15.0 requests==2.32.0
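
Review bot: The new idna==3.7 line in drivers/gpu/drm/ci/xfails/requirements.txt pins a version only, like its neighbours (certifi==2023.7.22, requests==2.32.0), so nothing ties the install to a specific artifact; if the goal of the series is to harden the CI dependency set, consider adding --hash entries for every pin in the file so pip's hash-checking mode applies. The commit message also quotes the alert with "the function" left unnamed: naming the affected idna function, and noting that idna sits under the "# ci-collate dependencies" comment as a dependency of the tooling rather than something the kernel scripts call directly, would let a reader judge exposure without following the links. Since the quoted alert rates the attack vector as Local with only Availability affected, stating that in the justification would record this as a hygiene bump rather than an urgent fix.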