Bump h11 from 0.14.0 to 0.16.0 in /securedrop/requirements/python3 by deeplow · Pull Request #7535 · freedomofpress/securedrop · GitHub

Bump h11 from 0.14.0 to 0.16.0 in /securedrop/requirements/python3 #7535

Merged
merged 1 commit into from
May 7, 2025

Conversation

deeplow
Contributor
@deeplow deeplow commented May 7, 2025

Bumps h11 from 0.14.0 to 0.16.0.


updated-dependencies:

  • dependency-name: h11 dependency-version: 0.16.0 dependency-type: indirect ...

Status

Ready for review

Description of Changes

Fixes GHSA-vqfr-h8mv-ghfj.

Changes proposed in this pull request:

Testing

How should the reviewer test this PR?
Write out any special testing steps here.

Deployment

Any special considerations for deployment? Consider both:

  1. Upgrading existing production instances.
  2. New installs.

Checklist

If you made changes to the server application code:

  • Linting (make lint) and tests (make test) pass in the development container

If you made changes to securedrop-admin:

  • Linting and tests (make -C admin test) pass in the admin development container

If you made changes to the system configuration:

If you added or removed a file deployed with the application:

  • I have updated AppArmor rules to include the change

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

Choose one of the following:

  • I have opened a PR in the docs repo for these changes, or will do so later
  • I would appreciate help with the documentation
  • These changes do not require documentation

If you added or updated a reference to a production code dependency:

Documentation

For Rust code, dependency review is enforced by the cargo-vet CI job.

For Python code, production code dependencies are defined in:

  • admin/requirements.in
  • admin/requirements-ansible.in
  • securedrop/requirements/python3/requirements.in
  • securedrop/requirements/python3/translation.in (used in the build
    container)

If you changed another requirements.in file that applies only to development
or testing environments, then no diff review is required, and you can skip
(remove) this section.

Choose one of the following:

  • I have performed a diff review and pasted the contents to the packaging wiki
  • I would like someone else to do the diff review
  • I am silencing an alert related to a production dependency, because (please explain below):

Bumps [h11](https://github.com/python-hyper/h11) from 0.14.0 to 0.16.0.
- [Commits](python-hyper/h11@v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: h11
  dependency-version: 0.16.0
  dependency-type: indirect
...
@deeplow deeplow requested a review from a team as a code owner May 7, 2025 13:43
@deeplow deeplow moved this to Ready For Review in SecureDrop May 7, 2025
@cfm
Member
cfm commented May 7, 2025

@deeplow, I think this has surprised us just because my reorganization of the requirements.txt files in #7506 (merged yesterday) probably clobbered your previous update of h11 in #7521 (merged last week).

I'll merge this once the demo build is happy again.

@cfm cfm moved this from Ready For Review to Under Review in SecureDrop May 7, 2025
@cfm cfm self-assigned this May 7, 2025
@cfm cfm added this pull request to the merge queue May 7, 2025
Merged via the queue into develop with commit de625ca May 7, 2025
44 checks passed
@github-project-automation github-project-automation bot moved this from Under Review to Done in SecureDrop May 7, 2025