Bump pysaml2 requirement to avoid CVE-2020-5390

Although Keystone doesn't use the pysaml2 signature on [0], it would be nice to bump the pysaml2 version to, at least, 5.0.0 [1] in order to have the CVE fix included [2].

[0] https://opendev.org/openstack/keystone/src/branch/master/keystone/federation/idp.py#L440-L521
[1] https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0
[2] https://github.com/advisories/GHSA-qf7v-8hj3-4xw7

Change-Id: I1d3776f7f1feb6485feecb140703f23027ca3a6f
parent 7d6c71ba26
commit c0d63cecd8
|
@ -46,7 +46,7 @@ pycadf==1.1.0
|
|||
pycodestyle==2.0.0
|
||||
python-ldap===3.0.0
|
||||
pymongo===3.0.2
|
||||
pysaml2==4.5.0
|
||||
pysaml2==5.0.0
|
||||
PyJWT==1.6.1
|
||||
PyMySQL==0.7.6
|
||||
python-keystoneclient==3.8.0
|
||||
|
|
|
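Review bot: the exact pin `pysaml2==5.0.0` crosses a major version from 4.5.0, and nothing else in this change touches code or tests, so please confirm that the federation IdP code linked in the commit message ([0]) still runs against 5.0.0 as the minimum. Since the commit message says Keystone does not use the pysaml2 signature path, a short statement of what was tested at this pin would make the bump easier to approve.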
@ -28,7 +28,7 @@ oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
|||
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
||||
oslo.utils>=3.33.0 # Apache-2.0
|
||||
oauthlib>=0.6.2 # BSD
|
||||
pysaml2>=4.5.0
|
||||
pysaml2>=5.0.0
|
||||
PyJWT>=1.6.1 # MIT
|
||||
dogpile.cache>=0.6.2 # BSD
|
||||
jsonschema>=3.2.0 # MIT
|
||||
|
|
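Review bot: the new `pysaml2>=5.0.0` line carries no trailing comment, unlike its neighbours (`# Apache-2.0`, `# BSD`, `# MIT`); add the license comment in the same form. It would also help to note CVE-2020-5390 beside the floor, so that a later cleanup of minimum versions does not lower it below 5.0.0 again.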