From 4f6824f671b35f7ddb420509a8a10894e8c47ce2 Mon Sep 17 00:00:00 2001 From: "Walter A. Boring IV" Date: Wed, 10 Jun 2026 15:58:05 -0400 Subject: [PATCH] chore(deps): upgrade all pinned dependencies to latest (#229) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Key security upgrades: - urllib3: 2.6.3 → 2.7.0 (fixes CVE-2026-decompression bypass) - requests: 2.32.5 → 2.34.2 (fixes CVE-2026-25645 insecure temp file) - idna: 3.11 → 3.18 (fixes CVE-2026-45409 crafted input DoS) - pygments: 2.19.2 → 2.20.0 (fixes CVE-2026-4539 ReDoS) Also bumps: attrs, bitarray, certifi, charset-normalizer, click, importlib-metadata, markdown-it-py, oslo-config, oslo-i18n, packaging, pytz, rich, stevedore, update-checker, wrapt, zipp --- requirements.txt | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/requirements.txt b/requirements.txt index 62e8836..dcc5df4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,45 +1,45 @@ # This file was autogenerated by uv via the following command: # uv pip compile --resolver backtracking --annotation-style=line requirements.in -o requirements.txt aprslib @ git+https://github.com/hemna/aprs-python.git@09cd7a2829a2e9d28ee1566881c843cc4769e590 # via -r requirements.in -attrs==25.4.0 # via ax253, kiss3, rush +attrs==26.1.0 # via ax253, kiss3, rush ax253==0.1.5.post1 # via kiss3 -bitarray==3.8.0 # via ax253, kiss3 -certifi==2025.11.12 # via requests -charset-normalizer==3.4.4 # via requests -click==8.3.1 # via -r requirements.in +bitarray==3.8.1 # via ax253, kiss3 +certifi==2026.5.20 # via requests +charset-normalizer==3.4.7 # via requests +click==8.4.1 # via -r requirements.in dataclasses-json==0.6.7 # via -r requirements.in haversine==2.9.0 # via -r requirements.in -idna==3.11 # via requests -importlib-metadata==8.7.0 # via ax253, kiss3 +idna==3.18 # via requests +importlib-metadata==9.0.0 # via ax253, kiss3 kiss3==8.0.0 # via -r requirements.in loguru==0.7.3 # via -r requirements.in -markdown-it-py==4.0.0 # via rich +markdown-it-py==4.2.0 # via rich marshmallow==3.26.2 # via dataclasses-json mdurl==0.1.2 # via markdown-it-py mypy-extensions==1.1.0 # via typing-inspect netaddr==1.3.0 # via oslo-config -oslo-config==10.1.0 # via -r requirements.in -oslo-i18n==6.7.1 # via oslo-config -packaging==25.0 # via marshmallow +oslo-config==10.4.0 # via -r requirements.in +oslo-i18n==6.8.0 # via oslo-config +packaging==26.2 # via marshmallow pbr==7.0.3 # via oslo-i18n pluggy==1.6.0 # via -r requirements.in -pygments==2.19.2 # via rich +pygments==2.20.0 # via rich pyserial==3.5 # via pyserial-asyncio pyserial-asyncio==0.6 # via kiss3 -pytz==2025.2 # via -r requirements.in +pytz==2026.2 # via -r requirements.in pyyaml==6.0.3 # via oslo-config -requests==2.32.5 # via oslo-config, update-checker, -r requirements.in +requests==2.34.2 # via oslo-config, -r requirements.in rfc3986==2.0.0 # via oslo-config -rich==14.2.0 # via -r requirements.in +rich==15.0.0 # via -r requirements.in rush==2021.4.0 # via -r requirements.in setuptools==82.0.1 # via pbr -stevedore==5.6.0 # via oslo-config +stevedore==5.8.0 # via oslo-config thesmuggler==1.0.1 # via -r requirements.in timeago==1.0.16 # via -r requirements.in typing-extensions==4.15.0 # via typing-inspect typing-inspect==0.9.0 # via dataclasses-json tzlocal==5.3.1 # via -r requirements.in -update-checker==0.18.0 # via -r requirements.in -urllib3==2.6.3 # via requests -wrapt==2.0.1 # via -r requirements.in -zipp==3.23.0 # via importlib-metadata +update-checker==1.0.0 # via -r requirements.in +urllib3==2.7.0 # via requests +wrapt==2.2.1 # via -r requirements.in +zipp==4.1.0 # via importlib-metadata