Update dependencies for h11 CVE-2025-43859 (#562)

ArBridgeman · web-flow · commit efd68f816cb2 · 2025-04-25T09:34:31.000+02:00
* Update dependencies to resolve h11 vulnerability in transitive dependence

* Ensure poetry 2.1.x+

* Update exasol-toolbox to 1.0.1 &amp; related workflows
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Build Artifacts
         run: poetry build
diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml
@@ -14,7 +14,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Check Tag Version
         # make sure the pushed/created tag matched the project version
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Check Version(s)
         run: |
@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Build Documentation
         run: |
@@ -52,7 +52,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Run changelog update check
         run: poetry run -- nox -s changelog:updated
@@ -70,7 +70,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -99,7 +99,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -119,7 +119,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -142,7 +142,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Run format check
         run: poetry run -- nox -s project:format
@@ -162,7 +162,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
         with:
           python-version: ${{ matrix.python-version }}
 
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Build Documentation
         run: |
diff --git a/.github/workflows/matrix-all.yml b/.github/workflows/matrix-all.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:all
diff --git a/.github/workflows/matrix-exasol.yml b/.github/workflows/matrix-exasol.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:exasol
diff --git a/.github/workflows/matrix-python.yml b/.github/workflows/matrix-python.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:python
diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml
@@ -17,7 +17,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
 
       - name: Download Artifacts
         uses: actions/download-artifact@v4.1.8
@@ -52,6 +52,6 @@ jobs:
           poetry run -- nox -s project:report -- --format markdown >> $GITHUB_STEP_SUMMARY
           poetry run -- nox -s dependency:licenses >> $GITHUB_STEP_SUMMARY
           echo -e "\n\n# Coverage\n" >> $GITHUB_STEP_SUMMARY
-          poetry run -- coverage report --format markdown >> $GITHUB_STEP_SUMMARY
+          poetry run -- coverage report --format markdown >> $GITHUB_STEP_SUMMARY || true
           poetry run -- tbx lint pretty-print >> $GITHUB_STEP_SUMMARY
           poetry run -- tbx security pretty-print .security.json >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/slow-checks.yml b/.github/workflows/slow-checks.yml
@@ -28,7 +28,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
         with:
           python-version: ${{ matrix.python-version }}
 
diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
@@ -3,6 +3,7 @@
 ## 🔧 Changed
 
 - #558 Updated to poetry 2.1.2 & relocked dependencies to resolve CVE-2025-27516
+- Relocked dependencies to resolve CVE-2025-43859
 
 ## 🧰 Internal
 
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml

-Original file line number
+Diff line change
           fetch-depth: 0
       - name: Setup Python & Poetry Environment
 -        uses: exasol/python-toolbox/.github/actions/[email protected].0
 +        uses: exasol/python-toolbox/.github/actions/[email protected].1
       - name: Build Documentation
         run: |