Skip to content

scripts: ci: refresh scripts/requirements-actions.txt and doc/requirements.txt pinned versions and SHAs #100729

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nashif merged 2 commits into from
Dec 9, 2025
Merged

scripts: ci: refresh scripts/requirements-actions.txt and doc/requirements.txt pinned versions and SHAs #100729

nashif merged 2 commits into from
Dec 9, 2025

Conversation

@kartben
Copy link
Contributor

@kartben kartben commented Dec 9, 2025
edited
Loading

This ensures, we pick a urllib version >2.6.0.
See:

Marking as hotfix as this will likely show up as alarming issues in people's dashboards downstream (e.g. dependabot and the like), despite the actual impact for the project being likely null (this is CI only stuff).

@kartben kartben added priority: high High impact/importance bug and removed priority: high High impact/importance bug labels Dec 9, 2025
@kartben kartben marked this pull request as ready for review December 9, 2025 10:37
@kartben kartben added the Hotfix Fix for issues blocking development, i.e. upstream CI issues, tests failing in upstream CI , etc. label Dec 9, 2025
@pdgendt
Copy link
Contributor

pdgendt commented Dec 9, 2025

We should update the input files too, right?

@kartben
Copy link
Contributor Author

kartben commented Dec 9, 2025

We should update the input files too, right?

it's not a direct dependency of ours though, so I am not sure. But we could, I guess

@aescolar
Copy link
Member

aescolar commented Dec 9, 2025

@kartben note the description/commit msgs link to the same CVEs twice

@kartben
scripts: ci: refresh requirements-actions.txt pinned versions and SHAs
7a893bc 
This ensures, we pick a `urllib` version >2.6.0.
See:
- CVE-2025-66418 High severity
- CVE-2025-66471 High severity

Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
@kartben
doc: ci: refresh requirements.txt pinned versions and SHAs
ffe204d 
This ensures, we pick a `urllib` version >2.6.0.
See:
- CVE-2025-66418 High severity
- CVE-2025-66471 High severity

Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 9, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@kartben kartben mentioned this pull request Dec 9, 2025
Closed
@nashif nashif merged commit a297a65 into zephyrproject-rtos:main Dec 9, 2025
26 of 27 checks passed
@kartben kartben deleted the req_actions branch December 9, 2025 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nashif nashif nashif approved these changes

@henrikbrixandersen henrikbrixandersen henrikbrixandersen approved these changes

@pdgendt pdgendt pdgendt approved these changes

@aescolar aescolar aescolar approved these changes

@carlescufi carlescufi Awaiting requested review from carlescufi

@fabiobaltieri fabiobaltieri Awaiting requested review from fabiobaltieri

@gmarull gmarull Awaiting requested review from gmarull

@stephanosio stephanosio Awaiting requested review from stephanosio

Assignees

@nashif nashif

@stephanosio stephanosio

Labels

area: Continuous Integration area: Documentation Infrastructure Hotfix Fix for issues blocking development, i.e. upstream CI issues, tests failing in upstream CI , etc.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@kartben @pdgendt @aescolar @nashif @henrikbrixandersen @stephanosio @zephyrbot