Safety vulnerability ID: 52409
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Smqtk-dataprovider 0.17.0 updates its dependency 'urllib3' to v1.26.5 to include a security fix.
Latest version: 0.18.0
SMQTK Data provision abstractions and implementations
=======
This minor release removes support for python version 3.6 which has since
reached EoL.
Updates / New Features
----------------------
CI
* Updated CI unittests workflow to include codecov reporting.
  Reduced CodeCov report submission by skipping this step on scheduled runs.
* Update GitHub actions workflows with pinned python versions to use 3.7.
* Update code-cov action usage to use v3.
* Added properties file for use with SonarQube and SonarCloud.
* Added script and workflow to support release process as described in
  smqtk-core shared document.
* Added explicit provision of codecov repository token to github action.
* Add testing for py3.11.
* Use modern numpy for python 3.8 and beyond.
Data Elements
* Memory
  * Removed assertion that given data was specifically a bytes instance via
    superfluous ``memoryview`` construction.
* PostgreSQL
  * Removed outdated defaults for host and port.
* URL
  * Removed injection of ``http`` on construction to the beginning of a given
    URL if any schema was missing.
Dependencies
* Updated minimum required python version to 3.7 to follow python end of life.
* Updated development abstract dep versions to "*" since we do not currently
  require any specific versions.
Documentation
* Updated CONTRIBUTING.md to reference smqtk-core's CONTRIBUTING.md file.
Fixes
-----
CI
* Modified CI unittests workflow to run for PRs targeting branches that match
  the ``release*`` glob.
* Fixed new issues raised by updated version of ``mypy``.
Dependency Versions
* Updated the locked version of urllib3 to address a security vulnerability.
* Updated the developer dependency and locked version of ipython to address a
  security vulnerability.
  * Removed ``jedi = "^0.17.2"`` requirement since recent ``ipython = "^7.17.3"``
    update appropriately addresses the dependency.