mirror of
https://github.com/ansible/awx.git
synced 2026-02-18 11:40:05 -03:30
[stable-2.6] Bump dependency (#7070)
* Update Python dependencies Relaxed or updated version constraints for several dependencies in requirements files and Makefile, including Cython, asciichartpy, msgpack, python-daemon, and pyyaml. These changes address build issues, remove unnecessary pins, and update to newer compatible versions. * remove docutils license * we no longer have this as a dep so we don't need to carry its license * Update dependencies to address security vulnerabilities Bumped versions of cryptography, protobuf, and idna in requirements to address CVE-2024-26130, CVE-2025-4565, and CVE-2024-3651. These updates improve security by resolving known vulnerabilities in the affected packages. --------- Co-authored-by: thedoubl3j <jljacks93@gmail.com>
This commit is contained in:
Hao Liu
thedoubl3j
@@ -2,7 +2,7 @@ aiohttp>=3.11.6 # CVE-2024-52304
|
||||
ansiconv==1.0.0 # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
|
||||
ansible-runner==2.4.1
|
||||
jq # used for indirect host counting feature
|
||||
asciichartpy
|
||||
asciichartpy<=1.5.7 # Unable to build from source for >1.5.7 due to missing README.md in PyPI sdist
|
||||
asn1
|
||||
azure-identity
|
||||
azure-keyvault
|
||||
@@ -10,8 +10,8 @@ boto3
|
||||
botocore
|
||||
channels
|
||||
channels-redis
|
||||
cryptography>=41.0.7 # CVE-2023-49083
|
||||
Cython<3 # due to https://github.com/yaml/pyyaml/pull/702
|
||||
cryptography>=42.0.4 # CVE-2024-26130
|
||||
Cython
|
||||
daphne
|
||||
distro
|
||||
django==4.2.23 # CVE-2025-48432
|
||||
@@ -37,7 +37,7 @@ JSON-log-formatter
|
||||
jsonschema
|
||||
Markdown # used for formatting API help
|
||||
maturin # pydantic-core build dep
|
||||
msgpack<1.0.6 # 1.0.6+ requires cython>=3
|
||||
msgpack
|
||||
msrestazure
|
||||
OPA-python-client==2.0.2 # Code contain monkey patch targeted to 2.0.2 to fix https://github.com/Turall/OPA-python-client/issues/29
|
||||
openshift
|
||||
@@ -53,11 +53,11 @@ pygerduty
|
||||
PyGithub <= 2.6.0
|
||||
pyopenssl>=23.2.0 # resolve dep conflict from cryptography pin above
|
||||
pyparsing==2.4.6 # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or' (at char 15), (line:1, col:16)
|
||||
python-daemon>3.0.0
|
||||
python-daemon
|
||||
python-dsv-sdk>=1.0.4
|
||||
python-tss-sdk>=1.2.1
|
||||
python-ldap
|
||||
pyyaml>=6.0.1
|
||||
pyyaml>=6.0.2
|
||||
pyzstd # otel collector log file compression library
|
||||
receptorctl==1.5.7
|
||||
social-auth-core == 4.5.4 # hard pinned due to resolver picking CVE version when uncapped
|
||||
@@ -78,6 +78,8 @@ setuptools_scm[toml] # see UPGRADE BLOCKERs, xmlsec build dep
|
||||
setuptools-rust>=0.11.4 # cryptography build dep
|
||||
pkgconfig>=1.5.1 # xmlsec build dep - needed for offline build
|
||||
django-flags>=5.0.13
|
||||
protobuf>=4.25.8 # CVE-2025-4565
|
||||
idna>=3.10 # CVE-2024-3651
|
||||
# Temporarily added to use ansible-runner from git branch, to be removed
|
||||
# when ansible-runner moves from requirements_git.txt to here
|
||||
pbr
|
||||
|
||||
@@ -22,7 +22,7 @@ ansible-runner==2.4.1
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
ansiconv==1.0.0
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
asciichartpy==1.5.25
|
||||
asciichartpy==1.5.7
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
asgiref==3.7.2
|
||||
# via
|
||||
@@ -30,6 +30,7 @@ asgiref==3.7.2
|
||||
# channels-redis
|
||||
# daphne
|
||||
# django
|
||||
# django-ansible-base
|
||||
# django-cors-headers
|
||||
asn1==2.7.0
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
@@ -106,7 +107,7 @@ click==8.1.7
|
||||
# via receptorctl
|
||||
constantly==23.10.4
|
||||
# via twisted
|
||||
cryptography==41.0.7
|
||||
cryptography==42.0.8
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# adal
|
||||
@@ -120,7 +121,7 @@ cryptography==41.0.7
|
||||
# pyopenssl
|
||||
# service-identity
|
||||
# social-auth-core
|
||||
cython==0.29.37
|
||||
cython==3.1.3
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
daphne==3.0.2
|
||||
# via
|
||||
@@ -187,8 +188,6 @@ djangorestframework==3.15.2
|
||||
# django-ansible-base
|
||||
djangorestframework-yaml==2.0.0
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
docutils==0.20.1
|
||||
# via python-daemon
|
||||
dynaconf==3.2.10
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
@@ -221,8 +220,9 @@ hyperlink==21.0.0
|
||||
# via
|
||||
# autobahn
|
||||
# twisted
|
||||
idna==3.6
|
||||
idna==3.10
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# hyperlink
|
||||
# requests
|
||||
# twisted
|
||||
@@ -305,7 +305,7 @@ msal==1.26.0
|
||||
# msal-extensions
|
||||
msal-extensions==1.1.0
|
||||
# via azure-identity
|
||||
msgpack==1.0.5
|
||||
msgpack==1.1.1
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# channels-redis
|
||||
@@ -363,7 +363,7 @@ opentelemetry-sdk==1.24.0
|
||||
# opentelemetry-exporter-otlp-proto-http
|
||||
opentelemetry-semantic-conventions==0.45b0
|
||||
# via opentelemetry-sdk
|
||||
packaging==23.2
|
||||
packaging==25.0
|
||||
# via
|
||||
# ansible-runner
|
||||
# msal-extensions
|
||||
@@ -384,8 +384,9 @@ propcache==0.2.0
|
||||
# via
|
||||
# aiohttp
|
||||
# yarl
|
||||
protobuf==4.25.3
|
||||
protobuf==4.25.8
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# googleapis-common-protos
|
||||
# opentelemetry-proto
|
||||
psutil==5.9.8
|
||||
@@ -420,6 +421,7 @@ pygithub==2.6.0
|
||||
pyjwt[crypto]==2.8.0
|
||||
# via
|
||||
# adal
|
||||
# django-ansible-base
|
||||
# msal
|
||||
# pygithub
|
||||
# social-auth-core
|
||||
@@ -434,7 +436,7 @@ pyparsing==2.4.6
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
pyrad==2.4
|
||||
# via django-radius
|
||||
python-daemon==3.0.1
|
||||
python-daemon==3.1.2
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# ansible-runner
|
||||
@@ -461,7 +463,7 @@ pytz==2024.1
|
||||
# via
|
||||
# irc
|
||||
# tempora
|
||||
pyyaml==6.0.1
|
||||
pyyaml==6.0.2
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# ansible-runner
|
||||
@@ -485,6 +487,7 @@ requests==2.32.3
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# adal
|
||||
# azure-core
|
||||
# django-ansible-base
|
||||
# django-oauth-toolkit
|
||||
# kubernetes
|
||||
# msal
|
||||
@@ -551,7 +554,7 @@ tempora==5.5.1
|
||||
# via
|
||||
# irc
|
||||
# jaraco-logging
|
||||
tomli==2.0.1
|
||||
tomli==2.2.1
|
||||
# via
|
||||
# incremental
|
||||
# maturin
|
||||
@@ -585,6 +588,7 @@ urllib3==1.26.20
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# botocore
|
||||
# django-ansible-base
|
||||
# kubernetes
|
||||
# pygithub
|
||||
# requests
|
||||
@@ -619,7 +623,6 @@ setuptools==78.1.1
|
||||
# autobahn
|
||||
# incremental
|
||||
# opentelemetry-instrumentation
|
||||
# python-daemon
|
||||
# setuptools-rust
|
||||
# setuptools-scm
|
||||
# zope-interface
|
||||
|
||||
Reference in New Issue
Block a user