[15.0][FIX] auth_saml: do not force using vulnerable cryptography module #640
Conversation
vincent-hatakeyama
force-pushed
the
15.0-auth_saml-fix-cryptography_version
branch
2 times, most recently
from
afb078a
to
18445fc
Compare
|
/ocabot merge patch |
|
Sorry @vincent-hatakeyama you are not allowed to merge. To do so you must either have push permissions on the repository, or be a declared maintainer of all modified addons. If you wish to adopt an addon and become it's maintainer, open a pull request to add your GitHub login to the |
|
/ocabot rebase |
|
@thomaspaulb The rebase process failed, because command |
|
@vincent-hatakeyama Could you rebase or allow access |
vincent-hatakeyama
force-pushed
the
15.0-auth_saml-fix-cryptography_version
branch
from
18445fc
to
abc4682
Compare
I’ve juste rebased. |
|
@sbidoul I need your input here.. this goes against this. Is Or, come to think of it, could we override it there, to let the requirements.txt include the limit but to leave the module's manifest free for users of the module to decide? |
|
I agree we should not place an upper bound on cryptography in the module. My initial approach was not optimal. This PR is better. Last time I checked, the pin on pyopenssl 19 on Odoo's requirements.txt was not really necassary? Longer term, I would like to try and stop using Odoo's requirements.txt in oca/oca-ci, in favor of a custom set of upper bounds on dependencies that are known not to work with Odoo (things like |
vincent-hatakeyama
force-pushed
the
15.0-auth_saml-fix-cryptography_version
branch
from
abc4682
to
d132bca
Compare
I’ve rebased again. |
|
Sounds like a good solution. /ocabot merge patch |
|
This PR looks fantastic, let's merge it! |
|
Congratulations, your PR was merged at 241f1b8. Thanks a lot for contributing to OCA. ❤️ |
Without this fix, it is impossible to use an upgraded version of cryptography with this module.
It is still necessary to check for compatibility, so that information is added to the install instructions.