From c5ecd45cf27f85957dee259322c15cec045015fa Mon Sep 17 00:00:00 2001 From: Nicholas Nadeau Date: Tue, 30 Aug 2022 01:30:40 -0400 Subject: [PATCH 1/6] fix: pillow GHSA-4fx9-vc88-q2xc --- poetry.lock | 2 +- pyproject.toml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/poetry.lock b/poetry.lock index 02af99fe..1456ee24 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1654,7 +1654,7 @@ testing = ["func-timeout", "jaraco.itertools", "pytest (>=6)", "pytest-black (>= [metadata] lock-version = "1.1" python-versions = "^3.7.1,<3.11" -content-hash = "4b10d634db1dfc57ab9373c81c323b8d835068d09b38f9e2be7f67b094bf4c4a" +content-hash = "7a7522478b7091f5a8df27b2b78dd1c1da30fb9cf98e82a1d7bb54ef3cd856a1" [metadata.files] alabaster = [ diff --git a/pyproject.toml b/pyproject.toml index 7c557f15..c60b7453 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -84,6 +84,9 @@ sphinx-rtd-theme = "*" sphinxcontrib-apidoc = "*" vulture = ">=2.0" +[tool.poetry.group.dev.dependencies] +Pillow = ">=9.0.0" + [tool.black] line-length = 88 target_version = ['py37'] From b8cc5bc0a9acb846af9ec4247c48811af4774f6c Mon Sep 17 00:00:00 2001 From: Nicholas Nadeau Date: Tue, 30 Aug 2022 01:32:19 -0400 Subject: [PATCH 2/6] fix: notebook GHSA-v7vq-3x77-87vg --- poetry.lock | 2 +- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/poetry.lock b/poetry.lock index 1456ee24..2b3669d2 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1654,7 +1654,7 @@ testing = ["func-timeout", "jaraco.itertools", "pytest (>=6)", "pytest-black (>= [metadata] lock-version = "1.1" python-versions = "^3.7.1,<3.11" -content-hash = "7a7522478b7091f5a8df27b2b78dd1c1da30fb9cf98e82a1d7bb54ef3cd856a1" +content-hash = "5217ecfa759e56cf707fa4da0a353f472913a36c842b28d02b769d76e09002b3" [metadata.files] alabaster = [ diff --git a/pyproject.toml b/pyproject.toml index c60b7453..08c6aba3 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -68,7 +68,6 @@ isort = ">=5.5" matplotlib = "*" mccabe = "*" mypy = ">=0.960" -notebook = "*" pandas = "*" pep8-naming = "*" pydocstyle = ">=6" @@ -86,6 +85,7 @@ vulture = ">=2.0" [tool.poetry.group.dev.dependencies] Pillow = ">=9.0.0" +notebook = ">=6.4.12" [tool.black] line-length = 88 From 1bb85bc61125da8cae273d35ad0079537f8c453a Mon Sep 17 00:00:00 2001 From: Nicholas Nadeau Date: Tue, 30 Aug 2022 01:33:26 -0400 Subject: [PATCH 3/6] fix: nbconvert GHSA-9jmq-rx5f-8jwq --- poetry.lock | 2 +- pyproject.toml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/poetry.lock b/poetry.lock index 2b3669d2..f0ffb13d 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1654,7 +1654,7 @@ testing = ["func-timeout", "jaraco.itertools", "pytest (>=6)", "pytest-black (>= [metadata] lock-version = "1.1" python-versions = "^3.7.1,<3.11" -content-hash = "5217ecfa759e56cf707fa4da0a353f472913a36c842b28d02b769d76e09002b3" +content-hash = "fb1cbc5cac5f243e443730248fb6bbdc68a4268ff9d78a58d1241d5e9b56c2b8" [metadata.files] alabaster = [ diff --git a/pyproject.toml b/pyproject.toml index 08c6aba3..548d4c74 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -86,6 +86,7 @@ vulture = ">=2.0" [tool.poetry.group.dev.dependencies] Pillow = ">=9.0.0" notebook = ">=6.4.12" +nbconvert = ">=6.5.1" [tool.black] line-length = 88 From 9118478bb57d4d6e9133e64604353ad5d2a83d5f Mon Sep 17 00:00:00 2001 From: Nicholas Nadeau Date: Tue, 30 Aug 2022 01:34:26 -0400 Subject: [PATCH 4/6] fix: pillow GHSA-9j59-75qj-795w --- poetry.lock | 2 +- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/poetry.lock b/poetry.lock index f0ffb13d..e286c618 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1654,7 +1654,7 @@ testing = ["func-timeout", "jaraco.itertools", "pytest (>=6)", "pytest-black (>= [metadata] lock-version = "1.1" python-versions = "^3.7.1,<3.11" -content-hash = "fb1cbc5cac5f243e443730248fb6bbdc68a4268ff9d78a58d1241d5e9b56c2b8" +content-hash = "a5bd6a6c296c84f32bc9819d7847c148e5404ba37a7131683178939f57417c0c" [metadata.files] alabaster = [ diff --git a/pyproject.toml b/pyproject.toml index 548d4c74..8f57ebb9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -84,7 +84,7 @@ sphinxcontrib-apidoc = "*" vulture = ">=2.0" [tool.poetry.group.dev.dependencies] -Pillow = ">=9.0.0" +Pillow = ">=9.0.1" notebook = ">=6.4.12" nbconvert = ">=6.5.1" From d1610d609b47b6a072c9b7d52e4f60fcdb240f41 Mon Sep 17 00:00:00 2001 From: Nicholas Nadeau Date: Tue, 30 Aug 2022 01:37:12 -0400 Subject: [PATCH 5/6] build: poetry update --- poetry.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/poetry.lock b/poetry.lock index e286c618..da125e9a 100644 --- a/poetry.lock +++ b/poetry.lock @@ -257,7 +257,7 @@ python-versions = ">=3.6" [[package]] name = "exceptiongroup" -version = "1.0.0rc8" +version = "1.0.0rc9" description = "Backport of PEP 654 (exception groups)" category = "dev" optional = false @@ -414,7 +414,7 @@ python-versions = "*" [[package]] name = "ipykernel" -version = "6.15.1" +version = "6.15.2" description = "IPython Kernel for Jupyter" category = "dev" optional = false @@ -1915,8 +1915,8 @@ entrypoints = [ {file = "entrypoints-0.4.tar.gz", hash = "sha256:b706eddaa9218a19ebcd67b56818f05bb27589b1ca9e8d797b74affad4ccacd4"}, ] exceptiongroup = [ - {file = "exceptiongroup-1.0.0rc8-py3-none-any.whl", hash = "sha256:ab0a968e1ef769e55d9a596f4a89f7be9ffedbc9fdefdb77cc68cf5c33ce1035"}, - {file = "exceptiongroup-1.0.0rc8.tar.gz", hash = "sha256:6990c24f06b8d33c8065cfe43e5e8a4bfa384e0358be036af9cc60b6321bd11a"}, + {file = "exceptiongroup-1.0.0rc9-py3-none-any.whl", hash = "sha256:2e3c3fc1538a094aab74fad52d6c33fc94de3dfee3ee01f187c0e0c72aec5337"}, + {file = "exceptiongroup-1.0.0rc9.tar.gz", hash = "sha256:9086a4a21ef9b31c72181c77c040a074ba0889ee56a7b289ff0afb0d97655f96"}, ] fastjsonschema = [ {file = "fastjsonschema-2.16.1-py3-none-any.whl", hash = "sha256:2f7158c4de792555753d6c2277d6a2af2d406dfd97aeca21d17173561ede4fe6"}, @@ -1959,8 +1959,8 @@ iniconfig = [ {file = "iniconfig-1.1.1.tar.gz", hash = "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"}, ] ipykernel = [ - {file = "ipykernel-6.15.1-py3-none-any.whl", hash = "sha256:d8969c5b23b0e453a23166da5a669c954db399789293fcb03fec5cb25367e43c"}, - {file = "ipykernel-6.15.1.tar.gz", hash = "sha256:37acc3254caa8a0dafcddddc8dc863a60ad1b46487b68aee361d9a15bda98112"}, + {file = "ipykernel-6.15.2-py3-none-any.whl", hash = "sha256:59183ef833b82c72211aace3fb48fd20eae8e2d0cae475f3d5c39d4a688e81ec"}, + {file = "ipykernel-6.15.2.tar.gz", hash = "sha256:e7481083b438609c9c8a22d6362e8e1bc6ec94ba0741b666941e634f2d61bdf3"}, ] ipython = [ {file = "ipython-7.34.0-py3-none-any.whl", hash = "sha256:c175d2440a1caff76116eb719d40538fbb316e214eda85c5515c303aacbfb23e"}, From e42edc208359bb95dc1884dd7aec91884e393506 Mon Sep 17 00:00:00 2001 From: Nicholas Nadeau Date: Tue, 30 Aug 2022 01:39:28 -0400 Subject: [PATCH 6/6] build: don't use poetry prerelease groups --- pyproject.toml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 8f57ebb9..9f44df41 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -68,8 +68,11 @@ isort = ">=5.5" matplotlib = "*" mccabe = "*" mypy = ">=0.960" +nbconvert = ">=6.5.1" +notebook = ">=6.4.12" pandas = "*" pep8-naming = "*" +Pillow = ">=9.0.1" pydocstyle = ">=6" pytest = ">=7" pytest-cov = "*" @@ -83,11 +86,6 @@ sphinx-rtd-theme = "*" sphinxcontrib-apidoc = "*" vulture = ">=2.0" -[tool.poetry.group.dev.dependencies] -Pillow = ">=9.0.1" -notebook = ">=6.4.12" -nbconvert = ">=6.5.1" - [tool.black] line-length = 88 target_version = ['py37']