Restricted configobj to dev dependecy and prepare release (#205)

* moved configobj to dev dependency * prepare release
exasol · Nov 24, 2023 · a45963b · a45963b
1 parent f0b243e
commit a45963b
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 5 deletions.
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
 # Changes
 
+* [0.18.1](changes_0.18.1.md)
 * [0.18.0](changes_0.18.0.md)
 * [0.17.0](changes_0.17.0.md)
 * [0.16.0](changes_0.16.0.md)

diff --git a/doc/changes/changes_0.18.1.md b/doc/changes/changes_0.18.1.md
@@ -0,0 +1,13 @@
+# Script-Languages-Container-Tool 0.18.0, released 2023-11-24
+
+Code name: Configobj moved
+
+## Summary 
+
+This release moves configobj from dependencies to dev dependencies so the security alert 
+regarding ReDoS exploit does not propagate
+
+## Security
+
+  - moved configobj to dev dependencies
+
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "exasol-script-languages-container-tool"
-version = "0.18.0"
+version = "0.18.1"
 description = "Script Languages Container Tool"
 
 license = "MIT"
@@ -23,14 +23,14 @@ importlib-resources = ">=5.4.0"
 networkx = "2.8.2" # We pinned networkx to this version, because in newer versions it throws an exception, see https://github.com/exasol/integration-test-docker-environment/issues/228
 exasol-integration-test-docker-environment = "^1.7.1"
 typeguard = "<3.0.0"
-configobj = "^5.0.8"
 
 [build-system]
 requires = ["poetry_core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"
 
 [tool.poetry.dev-dependencies]
 toml = ">=0.10.2"
+configobj = "^5.0.8" # moved to dev dependencie so security alert does not propagate further up
 
 
 [tool.poetry.scripts]

diff --git a/test/resources/test_container/full/build/deps/requirements.txt b/test/resources/test_container/full/build/deps/requirements.txt
@@ -1,4 +1,4 @@
-pyodbc>=4.0.27
+pyodbc<5.0.0
 pytz
 lxml
 docker