Update cryptography for CVE-2023-38325 (ansible#14358)

Signed-off-by: Rick Elrod <[email protected]>
djyasin · Sep 11, 2024 · c9f45bd · c9f45bd
1 parent c766a2f
commit c9f45bd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/requirements/requirements.in b/requirements/requirements.in
@@ -8,7 +8,7 @@ boto3
 botocore
 channels
 channels-redis==3.4.1  # see UPGRADE BLOCKERs
-cryptography>=39.0.1 ## https://github.com/ansible/awx/security/dependabot/90
+cryptography>=41.0.2  # CVE-2023-38325
 Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
 daphne
 distro
@@ -39,6 +39,7 @@ prometheus_client
 psycopg
 psutil
 pygerduty
+pyopenssl>=23.2.0  # resolve dep conflict from cryptography pin above
 pyparsing==2.4.6  # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or'  (at char 15), (line:1, col:16)
 python-daemon>3.0.0
 python-dsv-sdk

diff --git a/requirements/requirements.txt b/requirements/requirements.txt
@@ -77,7 +77,7 @@ click==8.1.3
     # via receptorctl
 constantly==15.1.0
     # via twisted
-cryptography==40.0.2
+cryptography==41.0.3
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   adal
@@ -94,9 +94,7 @@ daphne==3.0.2
     #   -r /awx_devel/requirements/requirements.in
     #   channels
 dataclasses==0.6
-    # via
-    #   python-dsv-sdk
-    #   python-tss-sdk
+    # via python-dsv-sdk
 defusedxml==0.7.1
     # via
     #   python3-openid
@@ -303,8 +301,10 @@ pyjwt==2.6.0
     #   adal
     #   social-auth-core
     #   twilio
-pyopenssl==23.1.1
-    # via twisted
+pyopenssl==23.2.0
+    # via
+    #   -r /awx_devel/requirements/requirements.in
+    #   twisted
 pyparsing==2.4.6
     # via
     #   -r /awx_devel/requirements/requirements.in