Skip to content

Security updates 2025ww20 #127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 19, 2025
Merged

Security updates 2025ww20 #127

merged 5 commits into from
May 19, 2025

Conversation

Maxim-Doronin
Copy link
Contributor

Summary

Consolidated deps update

JIRA ticket

  • E-xxxxx

Related PR in NPU Compiler and/or OpenVINO repository with sub-module update

  • PR-xxx

Other related tickets

List tickets for additional work, eg, something was found during review but you agreed to address it in another Jira

  • E-xxxxx

dependabot bot and others added 5 commits May 16, 2025 13:09
@dependabot @Maxim-Doronin
Bump cryptography from 43.0.1 to 44.0.1 in /llvm/utils/git
625be9c 
Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.1 to 44.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...44.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @Maxim-Doronin
Bump tar-fs from 2.1.1 to 2.1.2 in /mlir/utils/vscode
9fc7caf 
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @Maxim-Doronin
Bump tar-fs from 2.1.1 to 2.1.2 in /lldb/tools/lldb-dap
8487e77 
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 2.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @Maxim-Doronin
Bump jinja2 from 3.1.4 to 3.1.6 in /llvm/docs
8728aa3 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@Maxim-Doronin
Bump llvm/utils/git/requirements.txt cryptography
9de6485
@Maxim-Doronin Maxim-Doronin requested a review from a team as a code owner May 16, 2025 12:16
@Maxim-Doronin Maxim-Doronin added the dependencies Pull requests that update a dependency file label May 16, 2025
@Maxim-Doronin Maxim-Doronin changed the title Md/security updates 2025ww20 Security updates 2025ww20 May 16, 2025
@Maxim-Doronin Maxim-Doronin merged commit 07ea969 into intel:npu/release/19.x May 19, 2025
8 checks passed
sramasit pushed a commit to sramasit/npu-plugin-llvm that referenced this pull request Jun 27, 2025
@Maxim-Doronin @dependabot @sramasit
Security updates 2025ww20 (intel#127)
c685670 
* Bump cryptography from 43.0.1 to 44.0.1 in /llvm/utils/git

Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.1 to 44.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...44.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump tar-fs from 2.1.1 to 2.1.2 in /mlir/utils/vscode

Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump tar-fs from 2.1.1 to 2.1.2 in /lldb/tools/lldb-dap

Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 2.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jinja2 from 3.1.4 to 3.1.6 in /llvm/docs

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump llvm/utils/git/requirements.txt cryptography

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sramasit pushed a commit to sramasit/npu-plugin-llvm that referenced this pull request Jun 27, 2025
@Maxim-Doronin @dependabot @sramasit
Security updates 2025ww20 (intel#127)
2a11ffb 
* Bump cryptography from 43.0.1 to 44.0.1 in /llvm/utils/git

Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.1 to 44.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...44.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump tar-fs from 2.1.1 to 2.1.2 in /mlir/utils/vscode

Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump tar-fs from 2.1.1 to 2.1.2 in /lldb/tools/lldb-dap

Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 2.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jinja2 from 3.1.4 to 3.1.6 in /llvm/docs

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump llvm/utils/git/requirements.txt cryptography

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrey-golubev andrey-golubev andrey-golubev approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Maxim-Doronin @andrey-golubev