Fix CVEs and bump receptorctl #14925

Merged
merged 1 commit into from
Feb 26, 2024
18 changes: 9 additions & 9 deletions requirements/requirements.in
@@ -1,4 +1,4 @@
aiohttp
aiohttp>=3.8.6 # CVE-2023-47627
ansiconv==1.0.0 # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
asciichartpy
asn1
@@ -8,7 +8,7 @@ boto3
botocore
channels
channels-redis==3.4.1 # see UPGRADE BLOCKERs
cryptography>=41.0.2 # CVE-2023-38325
cryptography>=41.0.6 # CVE-2023-49083
Cython<3 # this is needed as a build dependency, one day we may have separated build deps
daphne
distro
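Review bot: On the cryptography line, the new comment overwrites CVE-2023-38325 with CVE-2023-49083, so the file no longer records the advisory that the previous floor addressed. Consider keeping both ids in the comment, for example `cryptography>=41.0.6 # CVE-2023-38325, CVE-2023-49083`, so that anyone who later relaxes the bound can see every advisory it covers. The GitPython line further down in this file swaps CVE-2023-40267 for CVE-2023-41040 in the same way.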
@@ -26,15 +26,15 @@ django-split-settings==1.0.0 # We hit a strange issue where the release proce
djangorestframework
djangorestframework-yaml
filelock
GitPython>=3.1.32 # CVE-2023-40267
GitPython>=3.1.37 # CVE-2023-41040
hiredis==2.0.0 # see UPGRADE BLOCKERs
irc
jinja2
jinja2>=3.1.3 # CVE-2024-22195
JSON-log-formatter
jsonschema
Markdown # used for formatting API help
openshift
pexpect==4.7.0 # see library notes
pexpect==4.7.0 # see library notes
prometheus_client
psycopg
psutil
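Review bot: The `pexpect==4.7.0 # see library notes` line shows up as both removed and added with no visible difference in content, which suggests a whitespace-only edit. In a change whose purpose is raising version floors for CVEs, it would be cleaner to leave that line out, or to mention the formatting cleanup in the commit message, so that blame on this file points only at the lines that changed a constraint (GitPython and jinja2 in this hunk).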
@@ -49,20 +49,20 @@ pyyaml>=6.0.1
receptorctl
social-auth-core[openidconnect]==4.4.2 # see UPGRADE BLOCKERs
social-auth-app-django==5.4.0 # see UPGRADE BLOCKERs
sqlparse >= 0.4.4 # Required by django https://github.com/ansible/awx/security/dependabot/96
sqlparse>=0.4.4 # Required by django https://github.com/ansible/awx/security/dependabot/96
redis
requests
slack-sdk
tacacs_plus==1.0 # UPGRADE BLOCKER: auth does not work with later versions
twilio
twisted[tls]
twisted[tls]>=23.10.0 # CVE-2023-46137
uWSGI
uwsgitop
wheel>=0.38.1 # CVE-2022-40898
wheel>=0.38.1 # CVE-2022-40898
pip==21.2.4 # see UPGRADE BLOCKERs
setuptools # see UPGRADE BLOCKERs
setuptools_scm[toml] # see UPGRADE BLOCKERs, xmlsec build dep
setuptools-rust >= 0.11.4 # cryptography build dep
setuptools-rust>=0.11.4 # cryptography build dep
pkgconfig>=1.5.1 # xmlsec build dep - needed for offline build

# Temporarily added to use ansible-runner from git branch, to be removed
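Review bot: The title says this change bumps receptorctl, but the `receptorctl` entry in this hunk is still unconstrained, so the bump exists only as the new pin in requirements.txt. If 1.4.4 is the minimum that should ever be installed, add a floor here with a short comment giving the reason, in the same style as the `twisted[tls]>=23.10.0 # CVE-2023-46137` line; otherwise nothing in requirements.in explains why the pin moved or documents the intended minimum.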
16 changes: 7 additions & 9 deletions requirements/requirements.txt
@@ -1,6 +1,6 @@
adal==1.2.7
# via msrestazure
aiohttp==3.8.3
aiohttp==3.9.3
# via -r /awx_devel/requirements/requirements.in
aioredis==1.3.1
# via channels-redis
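Review bot: The aiohttp pin moves from 3.8.3 to 3.9.3, a minor-release jump, while the floor added in requirements.in is only `aiohttp>=3.8.6`. If 3.9.x is what was tested, it is worth saying so in the commit message; if the intent was the smallest change that clears CVE-2023-47627, a 3.8.x pin at or above the floor would carry less behavioural change. The dropped `aiohttp` entry under charset-normalizer in the next hunk shows that the dependency set changes along with this bump.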
@@ -70,14 +70,12 @@ channels==3.0.5
channels-redis==3.4.1
# via -r /awx_devel/requirements/requirements.in
charset-normalizer==2.1.1
# via
# aiohttp
# requests
# via requests
click==8.1.3
# via receptorctl
constantly==15.1.0
# via twisted
cryptography==41.0.3
cryptography==41.0.7
# via
# -r /awx_devel/requirements/requirements.in
# adal
@@ -163,7 +161,7 @@ frozenlist==1.3.3
# aiosignal
gitdb==4.0.10
# via gitpython
gitpython==3.1.32
gitpython==3.1.42
# via -r /awx_devel/requirements/requirements.in
google-auth==2.14.1
# via kubernetes
@@ -216,7 +214,7 @@ jaraco-text==3.11.0
# via
# irc
# jaraco-collections
jinja2==3.1.2
jinja2==3.1.3
# via -r /awx_devel/requirements/requirements.in
jmespath==1.0.1
# via
@@ -362,7 +360,7 @@ pyyaml==6.0.1
# djangorestframework-yaml
# kubernetes
# receptorctl
receptorctl==1.4.2
receptorctl==1.4.4
# via -r /awx_devel/requirements/requirements.in
redis==4.3.5
# via -r /awx_devel/requirements/requirements.in
@@ -440,7 +438,7 @@ tomli==2.0.1
# via setuptools-scm
twilio==7.15.3
# via -r /awx_devel/requirements/requirements.in
twisted[tls]==22.10.0
twisted[tls]==23.10.0
# via
# -r /awx_devel/requirements/requirements.in
# daphne