diff mbox series

[RESEND.,4/5] drm/ci: Upgrade idna requirement to 3.7

Message ID B855B90C2EECA04E+20241017034004.113456-4-wangyuli@uniontech.com (mailing list archive)
State New, archived
Headers show
Series None | expand

Commit Message

WangYuli Oct. 17, 2024, 3:39 a.m. UTC
GitHub Dependabot has issued the following alert:

"build(deps): bump idna from 3.4 to 3.7 in /drivers/gpu/drm/ci/xfails.

 A specially crafted argument to the function could consume
 significant resources. This may lead to a denial-of-service.

 The function has been refined to reject such strings without the
 associated resource consumption in version 3.7.

 Severity: 6.9 / 10 (Moderate)
 Attack vector:          Local
 Attack complexity:        Low
 Attack Requirements:     None
 Privileges required:     None
 User interaction:        None
 Confidentiality:         None
 Integrity:               None
 Availability:            High
 CVE ID:         CVE-2024-3651"

To avoid disturbing everyone with the kernel repo hosted on GitHub,
I suggest we upgrade our python dependencies once again to appease
GitHub Dependabot.

Link: https://github.com/dependabot
Link: https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb
Signed-off-by: WangYuli <wangyuli@uniontech.com>
---
 drivers/gpu/drm/ci/xfails/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
index f69b58356a37..8b2b1fa16614 100644
--- a/drivers/gpu/drm/ci/xfails/requirements.txt
+++ b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -4,7 +4,7 @@  termcolor==2.3.0
 # ci-collate dependencies
 certifi==2023.7.22
 charset-normalizer==3.2.0
-idna==3.4
+idna==3.7
 pip==23.3
 python-gitlab==3.15.0
 requests==2.32.0