You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2024/03/04 15:59:55 UTC

(superset) 03/04: chore: numexpr to fix CVE-2023-39631⁠ (2.8.4 => 2.9.0) (#27187)

This is an automated email from the ASF dual-hosted git repository.

michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 16e5eddeb6d648cf4738ca2f0bcf5422d4e6bcb1
Author: nigzak <10...@users.noreply.github.com>
AuthorDate: Fri Mar 1 19:50:17 2024 +0100

    chore: numexpr to fix CVE-2023-39631⁠ (2.8.4 => 2.9.0) (#27187)
    
    Co-authored-by: Stefan Arnold <st...@mercedes-benz.com>
---
 requirements/base.in         |  1 +
 requirements/base.txt        |  9 +++++----
 requirements/development.txt | 11 ++++++++++-
 requirements/testing.txt     |  2 --
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/requirements/base.in b/requirements/base.in
index dc632a096a..b1c67b936a 100644
--- a/requirements/base.in
+++ b/requirements/base.in
@@ -18,3 +18,4 @@
 #
 -e file:.
 urllib3>=1.26.18
+numexpr>=2.9.0
diff --git a/requirements/base.txt b/requirements/base.txt
index 2df0f87695..de25938a01 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -1,4 +1,4 @@
-# SHA1:89ce10cd392b720033db86b747e77633711a8b5f
+# SHA1:f8f2c882290c71f27b1d9f3263cf0c523cb88ad6
 #
 # This file is autogenerated by pip-compile-multi
 # To update, run:
@@ -211,8 +211,10 @@ nh3==0.2.11
     # via apache-superset
 numba==0.57.1
     # via pandas
-numexpr==2.8.4
-    # via pandas
+numexpr==2.9.0
+    # via
+    #   -r requirements/base.in
+    #   pandas
 numpy==1.23.5
     # via
     #   apache-superset
@@ -346,7 +348,6 @@ typing-extensions==4.4.0
     #   apache-superset
     #   cattrs
     #   flask-limiter
-    #   kombu
     #   limits
     #   shillelagh
 tzdata==2023.3
diff --git a/requirements/development.txt b/requirements/development.txt
index 58dd97a753..ca80cd60ed 100644
--- a/requirements/development.txt
+++ b/requirements/development.txt
@@ -82,6 +82,10 @@ ptyprocess==0.7.0
     # via pexpect
 pure-eval==0.2.2
     # via stack-data
+pure-sasl==0.6.2
+    # via
+    #   pyhive
+    #   thrift-sasl
 pyasn1==0.5.0
     # via
     #   pyasn1-modules
@@ -111,7 +115,12 @@ tableschema==1.20.2
 tabulator==1.53.5
     # via tableschema
 thrift==0.16.0
-    # via apache-superset
+    # via
+    #   apache-superset
+    #   pyhive
+    #   thrift-sasl
+thrift-sasl==0.4.3
+    # via pyhive
 tomli==2.0.1
     # via pylint
 tomlkit==0.11.8
diff --git a/requirements/testing.txt b/requirements/testing.txt
index 382e3bee4b..fce953f8e4 100644
--- a/requirements/testing.txt
+++ b/requirements/testing.txt
@@ -118,8 +118,6 @@ pyee==9.0.4
     # via playwright
 pyfakefs==5.2.2
     # via -r requirements/testing.in
-pyhive[presto]==0.7.0
-    # via apache-superset
 pytest==7.3.1
     # via
     #   -r requirements/testing.in