Pin jwcrypto and requests libraries to ensure safe version is used

OpenSPP · Jan 8, 2025 · c23265d · c23265d
1 parent c1dcb86
commit c23265d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/requirements.txt b/requirements.txt
@@ -8,12 +8,14 @@ fastapi==0.112.2
 geojson
 jsonschema
 jwcrypto
+jwcrypto>=1.5.6
 numpy>=1.22.2
 pyjwt>=2.4.0
 pyproj
 python-magic
 pytz
 qrcode
+requests>=2.32.2
 shapely
 simplejson
 swagger_spec_validator

diff --git a/spp_base/__manifest__.py b/spp_base/__manifest__.py
@@ -33,7 +33,7 @@
         "spp_farmer_registry_base",
     ],
     "external_dependencies": {
-        "python": ["fastapi==0.112.2", "extendable_pydantic==1.3.0", "numpy>=1.22.2", "urllib3>=2.2.2", "zipp>=3.19.1"]
+        "python": ["fastapi==0.112.2", "extendable_pydantic==1.3.0", "numpy>=1.22.2", "urllib3>=2.2.2", "zipp>=3.19.1", "jwcrypto>=1.5.6", "requests>=2.32.2"]
     },  # not directly required, pinned by Snyk to avoid a vulnerability and for fastapi, compatibility issues.
     "data": [
         "data/global_roles.xml",