Skip to content

Update generated requirements.txt to resolve Dependabot alerts#194

Open
ihalatci wants to merge 3 commits intomasterfrom
chore/dependabot-requirements-sync-20260303
Open

Update generated requirements.txt to resolve Dependabot alerts#194
ihalatci wants to merge 3 commits intomasterfrom
chore/dependabot-requirements-sync-20260303

Conversation

@ihalatci
Copy link
Contributor

@ihalatci ihalatci commented Mar 3, 2026

Summary

This PR updates generated requirements.txt files in CircleCI images to resolve currently open Dependabot alerts.

Files updated:

  • circleci/images/citusupgradetester/files/etc/requirements.txt
  • circleci/images/failtester/files/etc/requirements.txt
  • circleci/images/pgupgradetester/files/etc/requirements.txt
  • circleci/images/stylechecker/files/etc/requirements.txt

How these were generated

As documented in each requirements file:

  • base images: generated with pipenv requirements from Citus src/test/regress/Pipfile.lock
  • stylechecker: generated with pipenv requirements --dev from the same lockfile

Source lockfile basis used: citusdata/citus src/test/regress/Pipfile.lock from PR #8488.

Security-relevant updates in all 4 files

  • cryptography: 44.0.3 -> 46.0.5
  • Werkzeug: 3.1.4 -> 3.1.5
  • filelock: 3.20.2 -> 3.25.0
  • pyasn1: 0.6.1 -> 0.6.2

Dependabot alerts addressed

Closes alerts: #186, #187, #188, #189, #190, #191, #192, #193, #194, #195, #196, #197, #198, #199, #200, #201.

This was referenced Mar 3, 2026
Closed
Closed
Closed
Closed
Closed
Closed
@ihalatci
Copy link
Contributor Author

ihalatci commented Mar 3, 2026

Supersedes Dependabot PRs #187, #188, #189, #190, #191, and #192 with one consolidated requirements refresh.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ihalatci