Fixed safety issues

Signed-off-by: Andreas Maier <maiera@de.ibm.com>

.safety-policy-install.yml

@@ -38,6 +38,16 @@ security:
             reason: Fixed pip version 23.3 requires Python>=3.7 and is used there
         64227:
             reason: Fixed Jinja2 version 3.1.3 requires Python>=3.7 and is used there
+        67599:
+            reason: There is no fixed pip version
+        67884:
+            # TODO: Adjust once we remove stomp-py pinning
+            reason: Fixed stomp-py version 8.1.1 conflicts with our pinning of stomp-py to <7.0.0
+        67894:
+            # TODO: Adjust once we remove stomp-py pinning
+            reason: Fixed stomp-py version 8.1.1 conflicts with our pinning of stomp-py to <7.0.0
+        67895:
+            reason: Fixed idna version 3.7 requires requests>=2.26.0 which requires Python>=3.6 and is used there
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False

docs/changes.rst

@@ -30,6 +30,8 @@ Released: not yet
 
 **Bug fixes:**
 
+* Addressed safety issues up to 2024-05-19.
+
 * In the Github Actions test workflow for Python 3.6 and 3.7, changed
   macos-latest back to macos-12 because macos-latest got upgraded from macOS 12
   to macOS 14 which no longer supports these Python versions.

minimum-constraints-install.txt

@@ -62,12 +62,13 @@ certifi==2023.07.22
 charset-normalizer==2.0.4
 decorator==4.0.11
 docopt==0.6.2
-idna==2.5
+# idna>3 requires using requests >=2.26.0
+idna==3.7
 immutable-views==0.6.0
 MarkupSafe==2.0.0
 pytz==2016.10; python_version <= '3.9'
 pytz==2019.1; python_version >= '3.10'
-requests==2.25.0; python_version == '3.6'
+requests==2.26.0; python_version == '3.6'
 requests==2.31.0; python_version >= '3.7'
 stomp.py==4.1.23
 typing-extensions==3.10.0; python_version == '3.6'