mirror of
https://github.com/ansible/awx.git
synced 2026-02-23 14:05:59 -03:30
Cleaning up requirements.in
Removing all >= dependencies as these were upgraded past the >= version with the last update.
The following libraries were secondary imports and were removed from the requirements.in as we are past the version required to fix their CVEs:
* autobhan
* kubernetes
* pyjwt
* sqlparse
This commit is contained in:
John Westcott IV
@@ -1,20 +1,19 @@
|
||||
aiohttp>=3.7.4
|
||||
aiohttp
|
||||
ansiconv==1.0.0 # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
|
||||
asciichartpy
|
||||
asn1
|
||||
autobahn>=20.12.3 # CVE-2020-35678
|
||||
azure-keyvault==1.1.0 # see UPGRADE BLOCKERs
|
||||
channels
|
||||
channels-redis>=3.1.0 # https://github.com/django/channels_redis/issues/212
|
||||
channels-redis
|
||||
cryptography
|
||||
Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
|
||||
daphne
|
||||
distro
|
||||
django==3.2.16 # see UPGRADE BLOCKERs https://github.com/ansible/awx/security/dependabot/67
|
||||
django-auth-ldap
|
||||
django-cors-headers>=3.5.0
|
||||
django-cors-headers
|
||||
django-crum
|
||||
django-extensions>=2.2.9 # https://github.com/ansible/awx/pull/6441
|
||||
django-extensions
|
||||
django-guid==3.2.1
|
||||
django-oauth-toolkit==1.4.1
|
||||
django-polymorphic
|
||||
@@ -26,43 +25,40 @@ django-taggit
|
||||
djangorestframework==3.13.1
|
||||
djangorestframework-yaml
|
||||
filelock
|
||||
GitPython>=3.1.1 # minimum to fix https://github.com/ansible/awx/issues/6119
|
||||
GitPython
|
||||
irc
|
||||
jinja2>=2.11.3 # CVE-2020-28493
|
||||
jinja2
|
||||
JSON-log-formatter
|
||||
jsonschema
|
||||
kubernetes>=12.0.0 # CVE-2020-1747
|
||||
Markdown # used for formatting API help
|
||||
openshift>=0.12.0 # minimum version to pull in new pyyaml for CVE-2017-18342, minimum version to pull in new kubernetes for CVE-2020-1747
|
||||
openshift
|
||||
pexpect==4.7.0 # see library notes
|
||||
prometheus_client
|
||||
psycopg2
|
||||
psutil
|
||||
pygerduty
|
||||
pyjwt>=2.4.0 # https://github.com/ansible/awx/security/dependabot/58
|
||||
pyparsing==2.4.6 # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or' (at char 15), (line:1, col:16)
|
||||
python3-saml==1.13.0
|
||||
python-dsv-sdk
|
||||
python-tss-sdk==1.0.0
|
||||
python-ldap>=3.4.0 # https://github.com/ansible/awx/security/dependabot/20
|
||||
pyyaml>=5.4.1 # minimum to fix https://github.com/yaml/pyyaml/issues/478
|
||||
python-ldap
|
||||
pyyaml
|
||||
receptorctl==1.2.3
|
||||
schedule==0.6.0
|
||||
social-auth-core[openidconnect]==4.3.0 # see UPGRADE BLOCKERs
|
||||
social-auth-app-django==5.0.0 # see UPGRADE BLOCKERs
|
||||
redis
|
||||
requests
|
||||
sqlparse>=0.4.2 # Required by Django, pinning for CVE-2021-32839
|
||||
slack-sdk
|
||||
tacacs_plus==1.0 # UPGRADE BLOCKER: auth does not work with later versions
|
||||
twilio>7.9.0 # Pick up fix for use with proxy server via environment variables
|
||||
twisted[tls]>=22.4.0 # CVE-2020-10108, CVE-2020-10109, CVE-2022-21712 (https://github.com/ansible/awx/security/dependabot/46), https://github.com/ansible/awx/security/dependabot/53
|
||||
twilio
|
||||
twisted[tls]
|
||||
uWSGI
|
||||
uwsgitop
|
||||
wheel
|
||||
pip==21.2.4 # see UPGRADE BLOCKERs
|
||||
setuptools>=62.4.0 # see UPGRADE BLOCKERs
|
||||
setuptools_scm[toml]>=3.4 # see UPGRADE BLOCKERs, xmlsec build dep
|
||||
setuptools # see UPGRADE BLOCKERs
|
||||
setuptools_scm[toml] # see UPGRADE BLOCKERs, xmlsec build dep
|
||||
xmlsec==1.3.12 # xmlsec 1.3.13 removed the ability to use lxml 4.7.0 but python3-saml requires lxml 4.7.0 so we need to pin xmlsec
|
||||
lxml>=3.8 # xmlsec build dep
|
||||
pkgconfig>=1.5.1 # xmlsec build dep
|
||||
|
||||
@@ -29,9 +29,7 @@ attrs==22.1.0
|
||||
# service-identity
|
||||
# twisted
|
||||
autobahn==22.7.1
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# daphne
|
||||
# via daphne
|
||||
autocommand==2.2.2
|
||||
# via jaraco-text
|
||||
automat==22.10.0
|
||||
@@ -203,9 +201,7 @@ json-log-formatter==0.5.1
|
||||
jsonschema==4.17.1
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
kubernetes==25.3.0
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# openshift
|
||||
# via openshift
|
||||
lockfile==0.12.2
|
||||
# via python-daemon
|
||||
lxml==4.7.0
|
||||
@@ -285,7 +281,6 @@ pygerduty==0.38.3
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
pyjwt==2.6.0
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# adal
|
||||
# social-auth-core
|
||||
# twilio
|
||||
@@ -404,9 +399,7 @@ social-auth-core[openidconnect]==4.3.0
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# social-auth-app-django
|
||||
sqlparse==0.4.3
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# django
|
||||
# via django
|
||||
tacacs-plus==1.0
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
tempora==5.1.0
|
||||
|
||||
Reference in New Issue
Block a user