sarvex / mongo

The Mongo Database
http://www.mongodb.org/

Update dependency setuptools to v65 [SECURITY] - autoclosed #75

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 3 months ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| setuptools (changelog) | 58.1.0 -> 65.5.1 | age | adoption | passing | confidence |

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-40897

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.


Release Notes

pypa/setuptools (setuptools)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 3 months ago

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: poetry.lock
Updating dependencies
Resolving dependencies...

Creating virtualenv mdb-python-deps-UrFFGnrX-py3.12 in /home/ubuntu/.cache/pypoetry/virtualenvs

Because mongo-tooling-metrics (1.0.8) depends on setuptools (>=58.1.0,<59.0.0)
 and mdb-python-deps depends on setuptools (65.5.1), mongo-tooling-metrics is forbidden.
So, because mdb-python-deps depends on mongo-tooling-metrics (1.0.8), version solving failed.

github-actions[bot] commented 3 months ago

🦙 MegaLinter status: ❌ ERROR

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ❌ ACTION | actionlint | 2 | | 1 | 0.09s |
| ⚠️ BASH | bash-exec | 354 | | 109 | 1.39s |
| ❌ BASH | shellcheck | 354 | | 4942 | 85.8s |
| ⚠️ BASH | shfmt | 354 | 313 | 1 | 1.54s |
| ❌ COPYPASTE | jscpd | yes | | 1 | 5222.88s |
| ❌ CSS | stylelint | 6 | 6 | 1 | 3.65s |
| ❌ DOCKERFILE | hadolint | 12 | | 1 | 0.67s |
| ❌ HTML | djlint | 38 | | 1 | 4.94s |
| ❌ HTML | htmlhint | 38 | | 2392 | 1.12s |
| ❌ JAVASCRIPT | eslint | 6139 | 0 | 1 | 58.51s |
| ❌ JAVASCRIPT | standard | 6139 | 6115 | 1 | 616.95s |
| ❌ JSON | jsonlint | 232 | | 1 | 0.48s |
| ❌ JSON | npm-package-json-lint | yes | | 1 | 2.75s |
| ✅ JSON | prettier | 232 | 139 | 0 | 5.61s |
| ❌ JSON | v8r | 232 | | 1 | 271.24s |
| ⚠️ MARKDOWN | markdownlint | 269 | 227 | 1167 | 20.6s |
| ❌ MARKDOWN | markdown-link-check | 269 | | 19 | 17.52s |
| ✅ MARKDOWN | markdown-table-formatter | 269 | 229 | 0 | 1.92s |
| ❌ PROTOBUF | protolint | 162 | 103 | 3 | 148.94s |
| ❌ REPOSITORY | checkov | yes | | 65 | 215.93s |
| ❌ REPOSITORY | gitleaks | yes | | 1231 | 708.4s |
| ❌ REPOSITORY | git_diff | yes | | 1 | 3.75s |
| ❌ REPOSITORY | grype | yes | | 1 | 16.39s |
| ❌ REPOSITORY | secretlint | yes | | 1 | 9524.56s |
| ❌ REPOSITORY | trivy | yes | | 1 | 11.34s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.57s |
| ✅ REPOSITORY | trufflehog | yes | | no | 70.06s |
| ❌ SPELL | cspell | 40759 | | 1108486 | 15276.92s |
| ❌ SPELL | lychee | 5676 | | 1 | 10.48s |
| ✅ XML | xmllint | 41 | 0 | 0 | 1.1s |
| ⚠️ YAML | prettier | 662 | 512 | 1 | 23.02s |
| ❌ YAML | v8r | 662 | | 1 | 494.45s |
| ❌ YAML | yamllint | 662 | | 1 | 24.93s |

See detailed report in MegaLinter reports

_MegaLinter is graciously provided by OX Security_