Addressed safety issues from 6/2023

Signed-off-by: Andreas Maier <maiera@de.ibm.com>

.safety-policy.yml

@@ -45,8 +45,7 @@ security:
         50886:
             reason: Fixed Pygments version requires Python>=3.5 and is used there
         51457:
-            reason: Py package is not yet fixed (latest version 1.11.0)
-            expires: 2023-06-30
+            reason: Py package will no longer be fixed (latest version 1.11.0)
         51499:
             reason: Fixed Wheel version requires Python>=3.7 and is used there; Risk is on Pypi side
         52322:
@@ -57,6 +56,8 @@ security:
             reason: Fixed Setuptools version requires Python>=3.7 and is used there; Risk is on Pypi side
         52518:
             reason: Fixed GitPython version requires Python>=3.7 and is used there
+        58755:
+            reason: Fixed requests version 2.31.0 requires Python>=3.7 and is used there
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False

docs/changes.rst

@@ -38,6 +38,9 @@ Released: not yet
 * Circumvented the removal of Python 2.7 from the Github Actions plugin
   setup-python, by using the Docker container python:2.7.18-buster instead.
 
+* Addressed safety issues from 6/2023, by increasing 'requests' to 2.31.0
+  on Python >=3.7.
+
 **Enhancements:**
 
 * Improved the end2end test cases for session management.

minimum-constraints.txt

@@ -151,7 +151,8 @@ pytz==2016.10; python_version <= '3.9'
 pytz==2019.1; python_version >= '3.10'
 stomp.py==4.1.23
 wcwidth==0.1.7
-requests==2.25.0
+requests==2.25.0; python_version <= '3.6'
+requests==2.31.0; python_version >= '3.7'
 
 
 # Direct dependencies for development (must be consistent with dev-requirements.txt)