Merge pull request saltstack#65482 from s0undt3ch/hotfix/3006.x-fixes

[3006.x] Merge v3005.4 and v3006.4 into 3006.x

CHANGELOG.md

@@ -7,6 +7,31 @@ Versions are `MAJOR.PATCH`.
 
 # Changelog
 
+
+## 3006.4 (2023-10-16)
+
+### Security
+
+- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
+  This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049)
+- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163)
+- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
+- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316)
+- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334)
+- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383)
+
+
+## 3005.4 (2023-10-16)
+
+### Security
+
+- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
+  This only impacts salt-ssh users using the pre-flight option. (cve-2023-34049)
+- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 (#65267)
+- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f (#65334)
+- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65383)
+
+
 ## Salt v3005.3 (2023-09-14)
 
 ### Fixed

doc/man/salt-api.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-API" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-API" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .sp

doc/man/salt-call.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CALL" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-CALL" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .SH SYNOPSIS

doc/man/salt-cloud.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CLOUD" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-CLOUD" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .sp

doc/man/salt-cp.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CP" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-CP" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .sp

doc/man/salt-key.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-KEY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-KEY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .SH SYNOPSIS

doc/man/salt-master.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MASTER" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-MASTER" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .sp

doc/man/salt-minion.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MINION" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-MINION" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .sp

doc/man/salt-proxy.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-PROXY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-PROXY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .sp

doc/man/salt-run.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-RUN" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-RUN" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .sp

doc/man/salt-ssh.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SSH" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-SSH" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .SH SYNOPSIS

doc/man/salt-syndic.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SYNDIC" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT-SYNDIC" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .sp

doc/man/salt.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt \- salt
 .SH SYNOPSIS

doc/man/salt.7

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "7" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SALT" "7" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 salt \- Salt Documentation
 .SH SALT PROJECT
@@ -194128,7 +194128,7 @@ Passes through all the parameters described in the
 \fI\%utils.http.query function\fP:
 .INDENT 7.0
 .TP
-.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.3\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
+.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.4\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
 Query a resource, and decode the return data
 .UNINDENT
 .INDENT 7.0
@@ -457626,7 +457626,7 @@ installed2
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
+.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
 Install buildout in a specific directory
 .sp
 It is a thin wrapper to modules.buildout.buildout
@@ -477556,6 +477556,25 @@ Addresses multiple CVEs in Python\(aqs dependencies: \fI\%https://docs.python.or
 .IP \(bu 2
 Update to \fBgitpython>=3.1.32\fP due to \fI\%https://github.com/advisories/GHSA\-pr76\-5cm5\-w9cj\fP \fI\%#64988\fP
 .UNINDENT
+(release\-3006.4)=
+.SS Salt 3006.4 release notes
+.SS Changelog
+.SS Security
+.INDENT 0.0
+.IP \(bu 2
+Fix CVE\-2023\-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
+This only impacts salt\-ssh users using the pre\-flight option. \fI\%#cve\-2023\-34049\fP
+.IP \(bu 2
+Update to \fBgitpython>=3.1.35\fP due to \fI\%https://github.com/advisories/GHSA\-wfm5\-v35h\-vwf4\fP and \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65163\fP
+.IP \(bu 2
+Bump to \fBcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHSA\-v8gr\-m533\-ghj9\fP \fI\%#65268\fP
+.IP \(bu 2
+Upgrade relenv to 0.13.12 to address CVE\-2023\-4807 \fI\%#65316\fP
+.IP \(bu 2
+Bump to \fBurllib3==1.26.17\fP or \fBurllib3==2.0.6\fP due to \fI\%https://github.com/advisories/GHSA\-v845\-jxx5\-vc9f\fP \fI\%#65334\fP
+.IP \(bu 2
+Bump to \fBgitpython==3.1.37\fP due to \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65383\fP
+.UNINDENT
 .sp
 See \fI\%Install a release candidate\fP
 for more information about installing an RC when one is available.

doc/man/spm.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SPM" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
+.TH "SPM" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .sp

doc/topics/releases/3005.4.rst

@@ -0,0 +1,17 @@
+.. _release-3005-4:
+
+=========================
+Salt 3005.4 Release Notes
+=========================
+
+Version 3005.4 is a CVE security fix release for :ref:`3005 <release-3005>`.
+
+
+Security
+--------
+
+- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
+  This only impacts salt-ssh users using the pre-flight option. (cve-2023-34049)
+- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 (#65267)
+- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f (#65334)
+- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65383)

doc/topics/releases/3006.4.md

@@ -0,0 +1,29 @@
+(release-3006.4)=
+# Salt 3006.4 release notes
+
+<!---
+Do not edit this file. This is auto generated.
+Edit the templates in doc/topics/releases/templates/
+for a given release.
+-->
+
+
+<!--
+Add release specific details below
+-->
+
+<!--
+Do not edit the changelog below.
+This is auto generated.
+-->
+## Changelog
+
+### Security
+
+- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
+  This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049)
+- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163)
+- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
+- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316)
+- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334)
+- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383)

doc/topics/releases/templates/3006.4.md.template

@@ -0,0 +1,14 @@
+(release-3006.4)=
+# Salt 3006.4 release notes{{ unreleased }}
+{{ warning }}
+
+<!--
+Add release specific details below
+-->
+
+<!--
+Do not edit the changelog below.
+This is auto generated.
+-->
+## Changelog
+{{ changelog }}

pkg/debian/changelog

@@ -1,3 +1,19 @@
+salt (3006.4) stable; urgency=medium
+
+
+  # Security
+
+  * Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
+    This only impacts salt*ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049)
+  * Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163)
+  * Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
+  * Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316)
+  * Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334)
+  * Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383)
+
+
+ -- Salt Project Packaging <[email protected]>  Mon, 16 Oct 2023 17:22:41 +0000
+
 salt (3006.3) stable; urgency=medium
 
 

pkg/rpm/salt.spec

@@ -31,7 +31,7 @@
 %define fish_dir %{_datadir}/fish/vendor_functions.d
 
 Name:    salt
-Version: 3006.3
+Version: 3006.4
 Release: 0
 Summary: A parallel remote execution system
 Group:   System Environment/Daemons
@@ -563,6 +563,19 @@ fi
 
 
 %changelog
+* Mon Oct 16 2023 Salt Project Packaging <[email protected]> - 3006.4
+
+# Security
+
+- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command.
+  This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049)
+- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163)
+- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
+- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316)
+- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334)
+- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383)
+
+
 * Wed Sep 06 2023 Salt Project Packaging <[email protected]> - 3006.3
 
 # Removed

requirements/darwin.txt

@@ -5,7 +5,7 @@
 apache-libcloud>=2.4.0
 cherrypy>=17.4.1
 cryptography>=41.0.3
-gitpython>=3.1.30
+gitpython>=3.1.37
 idna>=2.8
 linode-python>=1.1.1
 pyasn1>=0.4.8

requirements/static/ci/common.in

@@ -15,7 +15,7 @@ clustershell
 croniter>=0.3.0,!=0.3.22"; sys_platform != 'win32'
 dnspython
 etcd3-py==0.1.6
-gitpython>=3.1.30
+gitpython>=3.1.37
 jmespath
 jsonschema
 junos-eznc; sys_platform != 'win32' and python_version <= '3.10'

requirements/static/ci/py3.10/cloud.txt

@@ -659,19 +659,19 @@ geomet==0.1.2
     # via
     #   -c requirements/static/ci/py3.10/linux.txt
     #   cassandra-driver
-gitdb==4.0.5
+gitdb==4.0.7
     # via
     #   -c requirements/static/ci/py3.10/linux.txt
     #   gitpython
-gitpython==3.1.35
+gitpython==3.1.37
     # via
     #   -c requirements/static/ci/py3.10/linux.txt
     #   -r requirements/static/ci/common.in
-google-auth==1.6.3
+google-auth==2.1.0
     # via
     #   -c requirements/static/ci/py3.10/linux.txt
     #   kubernetes
-idna==2.8
+idna==3.2
     # via
     #   -c requirements/static/ci/../pkg/py3.10/linux.txt
     #   -c requirements/static/ci/py3.10/linux.txt
@@ -1207,7 +1207,6 @@ six==1.16.0
     #   etcd3-py
     #   genshi
     #   geomet
-    #   google-auth
     #   isodate
     #   jsonschema
     #   junos-eznc
@@ -1230,7 +1229,7 @@ smbprotocol==1.10.1
     # via
     #   -r requirements/static/ci/cloud.in
     #   pypsexec
-smmap==3.0.4
+smmap==4.0.0
     # via
     #   -c requirements/static/ci/py3.10/linux.txt
     #   gitdb
@@ -1260,7 +1259,7 @@ tomli==2.0.1
     # via
     #   -c requirements/static/ci/py3.10/linux.txt
     #   pytest
-transitions==0.8.1
+transitions==0.8.9
     # via
     #   -c requirements/static/ci/py3.10/linux.txt
     #   junos-eznc
@@ -1269,7 +1268,7 @@ typing-extensions==4.2.0
     #   -c requirements/static/ci/py3.10/linux.txt
     #   pytest-shell-utilities
     #   pytest-system-statistics
-urllib3==1.26.6
+urllib3==1.26.18
     # via
     #   -c requirements/static/ci/../pkg/py3.10/linux.txt
     #   -c requirements/static/ci/py3.10/linux.txt