drm/ci: make github dependabot happy again

The drm CI scripts for gitlab have a requirements file that makes the
github 'dependabot' worry about a few of the required tooling versions.

It wants to update the pip requirements from 23.2.1 to 23.3:

 "When installing a package from a Mercurial VCS URL, e.g. pip install
  hg+..., with pip prior to v23.3, the specified Mercurial revision
  could be used to inject arbitrary configuration options to the hg
  clone call (e.g. --config). Controlling the Mercurial configuration
  can modify how and which repository is installed. This vulnerability
  does not affect users who aren't installing from Mercurial"

and upgrade the urllib3 requirements from 2.0.4 to 2.0.7 due to two
issues:

 "urllib3's request body not stripped after redirect from 303 status
  changes request method to GET"

 "`Cookie` HTTP header isn't stripped on cross-origin redirects"

The file also ends up not having a newline at the end, that my editor
ends up wanting to fix automatically.

Link: https://github.com/dependabot
Tested-by: Helen Koike <helen.koike@collabora.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
index d8856d1581fdb3507c0ff8ff3ea8a1ae5be92862..e9994c9db799bfb9a555edbaea2d84103db53e79 100644 (file)
--- a/drivers/gpu/drm/ci/xfails/requirements.txt
+++ b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -5,7 +5,7 @@ termcolor==2.3.0
 certifi==2023.7.22
 charset-normalizer==3.2.0
 idna==3.4
-pip==23.2.1
+pip==23.3
 python-gitlab==3.15.0
 requests==2.31.0
 requests-toolbelt==1.0.0
@@ -13,5 +13,5 @@ ruamel.yaml==0.17.32
 ruamel.yaml.clib==0.2.7
 setuptools==68.0.0
 tenacity==8.2.3
-urllib3==2.0.4
-wheel==0.41.1
\ No newline at end of file
+urllib3==2.0.7
+wheel==0.41.1