mirror of
https://github.com/ansible/awx.git
synced 2026-01-21 06:28:01 -03:30
8fe4223eac
* Update requirements for setuptools
* first pass and need to commit
* update makefile and run updater script
* updated makefile per readme
* ran updater script
* Patch irc backend to avoid namespace collision w/ jaraco
When importing the IRC backend, jaraco resolves to
the version vendored inside setuptools:
1) importing irc backend…
irc_backend ERROR: ModuleNotFoundError("No module named 'jaraco.stream'")
2) sys.modules['jaraco'] after failure:
present: True
type: <class 'module'>
__file__: /var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco/__init__.py
__path__: ['/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco']
__spec__: ModuleSpec(name='jaraco',
loader=<_frozen_importlib_external.SourceFileLoader object at 0x7f006a0eccd0>,
origin='/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco/__init__.py',
submodule_search_locations=['/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco'])
Since setuptools does not vendor jaraco.stream, it blew up. This patch ensures
jaraco.stream gets imported *before* attempting to import the irc modules.
* Revert "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027)
This reverts commit e8b2920aec95de2c51308ce2fb14773ef676d01a.
* reformatted irc backend with black
* ran black to fix linting issues
* Reapply "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027)
This reverts commit 0c6df9b13398a93569fae7558e1a0e72cbe8fb6c.
* add flake8 ignore since jaraco.stream is needed
* jaraco.stream is not directly called in the file but is needed by irc
so ignore the linter failure
---------
Co-authored-by: Shane McDonald <me@shanemcd.com>
84 lines
2.6 KiB
Plaintext
84 lines
2.6 KiB
Plaintext
aiohttp>=3.11.6 # CVE-2024-52304
|
|
ansiconv==1.0.0 # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
|
|
ansible-runner==2.4.1
|
|
jq # used for indirect host counting feature
|
|
asciichartpy
|
|
asn1
|
|
azure-identity
|
|
azure-keyvault
|
|
boto3
|
|
botocore
|
|
channels
|
|
channels-redis
|
|
cryptography>=41.0.7 # CVE-2023-49083
|
|
Cython<3 # due to https://github.com/yaml/pyyaml/pull/702
|
|
daphne
|
|
distro
|
|
django==4.2.21 # CVE-2025-32873
|
|
django-auth-ldap
|
|
django-cors-headers
|
|
django-crum
|
|
django-extensions
|
|
django-guid==3.2.1
|
|
django-oauth-toolkit<2.0.0 # Version 2.0.0 has breaking changes that will need to be worked out before upgrading
|
|
django-polymorphic
|
|
django-pglocks
|
|
django-radius
|
|
django-solo
|
|
djangorestframework>=3.15.2
|
|
djangorestframework-yaml
|
|
dynaconf<4
|
|
filelock
|
|
GitPython>=3.1.37 # CVE-2023-41040
|
|
grpcio>=1.68.0 # CVE-2024-11407
|
|
irc
|
|
jinja2>=3.1.6 # CVE-2025-27516
|
|
JSON-log-formatter
|
|
jsonschema
|
|
Markdown # used for formatting API help
|
|
maturin # pydantic-core build dep
|
|
msgpack<1.0.6 # 1.0.6+ requires cython>=3
|
|
msrestazure
|
|
OPA-python-client==2.0.2 # Code contain monkey patch targeted to 2.0.2 to fix https://github.com/Turall/OPA-python-client/issues/29
|
|
openshift
|
|
opentelemetry-api~=1.24 # new y streams can be drastically different, in a good way
|
|
opentelemetry-sdk~=1.24
|
|
opentelemetry-instrumentation-logging
|
|
opentelemetry-exporter-otlp
|
|
pexpect==4.7.0 # see library notes
|
|
prometheus_client
|
|
psycopg
|
|
psutil
|
|
pygerduty
|
|
PyGithub <= 2.6.0
|
|
pyopenssl>=23.2.0 # resolve dep conflict from cryptography pin above
|
|
pyparsing==2.4.6 # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or' (at char 15), (line:1, col:16)
|
|
python-daemon>3.0.0
|
|
python-dsv-sdk>=1.0.4
|
|
python-tss-sdk>=1.2.1
|
|
python-ldap
|
|
pyyaml>=6.0.1
|
|
pyzstd # otel collector log file compression library
|
|
receptorctl==1.5.7
|
|
social-auth-core == 4.5.4 # hard pinned due to resolver picking CVE version when uncapped
|
|
social-auth-app-django==5.4.2 # see UPGRADE BLOCKERs
|
|
redis[hiredis]
|
|
requests
|
|
slack-sdk
|
|
tacacs_plus==1.0 # UPGRADE BLOCKER: auth does not work with later versions
|
|
twilio
|
|
twisted[tls]>=24.7.0 # CVE-2024-41810
|
|
urllib3>=1.26.19 # CVE-2024-37891
|
|
uWSGI>=2.0.28
|
|
uwsgitop
|
|
wheel>=0.38.1 # CVE-2022-40898
|
|
pip==21.2.4 # see UPGRADE BLOCKERs
|
|
setuptools==78.1.1 # see UPGRADE BLOCKERs
|
|
setuptools_scm[toml] # see UPGRADE BLOCKERs, xmlsec build dep
|
|
setuptools-rust>=0.11.4 # cryptography build dep
|
|
pkgconfig>=1.5.1 # xmlsec build dep - needed for offline build
|
|
django-flags>=5.0.13
|
|
# Temporarily added to use ansible-runner from git branch, to be removed
|
|
# when ansible-runner moves from requirements_git.txt to here
|
|
pbr
|