Clarified safety ignore-unpinned; Addressed safety issues (#2093)

Signed-off-by: Andreas Maier <maiera@de.ibm.com>

Author: andy-maier

.safety-policy-develop.yml

@@ -18,7 +18,9 @@ security:
     ignore-cvss-unknown-severity: False
 
     # Ignore unpinned requirements.
-    # Should be set to False.
+    # Default is true. "Unpinned" in this case means anything else but "==".
+    # Since we are checking against the minimum-constraints file, this check
+    # is enabled (false).
     ignore-unpinned-requirements: False
 
     # List of specific vulnerabilities to ignore.
@@ -30,6 +32,8 @@ security:
             reason: Disputed issue in jinja2 version 3.1.3 - No known fix
         79993:
             reason: Fixed jupyterlab version 4.4.8 requires Python>=3.9 and other upgrades
+        82754:
+            reason: Fixed filelock version 3.20.1 requires Python>=3.10 and is used there
 
     # Continue with exit code 0 when vulnerabilities are found.
     continue-on-vulnerability-error: False

.safety-policy-install.yml

@@ -18,7 +18,9 @@ security:
     ignore-cvss-unknown-severity: False
 
     # Ignore unpinned requirements.
-    # Should be set to False.
+    # Default is true. "Unpinned" in this case means anything else but "==".
+    # Since we are checking against the minimum-constraints file, this check
+    # is enabled (false).
     ignore-unpinned-requirements: False
 
     # List of specific vulnerabilities to ignore.

dev-requirements.txt

@@ -63,7 +63,7 @@ dparse>=0.6.4
 ruamel.yaml>=0.17.21
 click>=8.0.2
 Authlib>=1.6.5
-marshmallow>=3.15.0
+marshmallow>=3.26.2
 pydantic>=2.12.0
 pydantic_core>=2.41.1
 #safety 3.6.1 depends on typer>=0.16.0
@@ -138,7 +138,7 @@ notebook>=7.2.2; sys_platform != 'win32' or python_version <= '3.12'
 jupyter>=1.0.0; sys_platform != 'win32' or python_version <= '3.12'
 jupyter-console>=6.6.3; sys_platform != 'win32' or python_version <= '3.12'
 ipywidgets>=8.0.5; sys_platform != 'win32' or python_version <= '3.12'
-nbconvert>=7.2.10; sys_platform != 'win32' or python_version <= '3.12'
+nbconvert>=7.17.0; sys_platform != 'win32' or python_version <= '3.12'
 nbclient>=0.7.4; sys_platform != 'win32' or python_version <= '3.12'
 nbformat>=5.8.0; sys_platform != 'win32' or python_version <= '3.12'
 qtconsole>=5.4.2; sys_platform != 'win32' or python_version <= '3.12'

minimum-constraints-develop.txt

@@ -50,7 +50,7 @@ dparse==0.6.4
 ruamel.yaml==0.17.21
 click==8.0.2
 Authlib==1.6.5
-marshmallow==3.15.0
+marshmallow==3.26.2
 pydantic==2.12.0
 pydantic_core==2.41.1
 typer==0.16.0
@@ -112,7 +112,7 @@ notebook==7.2.2; sys_platform != 'win32' or python_version <= '3.12'
 jupyter==1.0.0; sys_platform != 'win32' or python_version <= '3.12'
 jupyter-console==6.6.3; sys_platform != 'win32' or python_version <= '3.12'
 ipywidgets==8.0.5; sys_platform != 'win32' or python_version <= '3.12'
-nbconvert==7.2.10; sys_platform != 'win32' or python_version <= '3.12'
+nbconvert==7.17.0; sys_platform != 'win32' or python_version <= '3.12'
 nbclient==0.7.4; sys_platform != 'win32' or python_version <= '3.12'
 nbformat==5.8.0; sys_platform != 'win32' or python_version <= '3.12'
 qtconsole==5.4.2; sys_platform != 'win32' or python_version <= '3.12'
@@ -170,8 +170,8 @@ dataclasses==0.8
 decorator==4.0.11
 defusedxml==0.7.1
 distlib==0.3.7
-# safety 3.4.0 depends on filelock~=3.16.1
-filelock==3.16.1
+filelock==3.16.1; python_version == '3.9'
+filelock==3.20.1; python_version >= '3.10'
 gitdb==4.0.8
 gitdb2==2.0.0
 html5lib==1.1

minimum-constraints-install.txt

@@ -32,7 +32,7 @@ websocket-client==1.8.0
 
 certifi==2024.07.04
 
-urllib3==2.6.0
+urllib3==2.6.3
 
 
 # Direct dependencies for install of extra 'testutils' (must be consistent with extra-testutils-requirements)

requirements.txt

@@ -35,7 +35,7 @@ certifi>=2024.07.04
 # Functional dependencies on urllib3 versions:
 # - IncompleteRead fix: Distinguishing too much from not enough response data
 #   requires >=2.2.1
-urllib3>=2.6.0
+urllib3>=2.6.3
 
 
 # Indirect dependencies for install that are needed for some reason (must be consistent with minimum-constraints-install.txt)