diff --git a/requirements.txt b/requirements.txt index f705ce2f1..e354b6645 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,130 +1,133 @@ # The ssl.match_hostname() function from Python 3.4 # https://bitbucket.org/brandon/backports.ssl_match_hostname/commits/698cd6dcca10addb922f5c74412151efb075cae2 -backports.ssl_match_hostname==3.5.0.1 +backports.ssl-match-hostname==3.7.0.1 # Bcrypt # 3.1.0: Fixed a regression where $2a hashes were vulnerable to a wraparound bug. -bcrypt==3.1.3 +bcrypt==3.2.0 # Beaker # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3458 -beaker==1.9.0 +beaker==1.11.0 # Bleach # https://github.com/mozilla/bleach/issues/298 -bleach==2.1 +bleach==4.0.0 # Bottle # CVE-2014-3137 # CVE-2016-9964 -bottle==0.12.13 +bottle==0.12.19 # Celery # Changelog: http://celery.readthedocs.org/en/latest/changelog.html -celery==4.1.0 -celery==3.1.25 # rq.filter: >=3.1, <4.0 +celery==5.1.2 # Cloudflare Scrape # CVE-2017-7235 -cfscrape==1.9.0 +cfscrape==2.1.1 # PyCA - Cryptography # Changelog: https://cryptography.io/en/latest/changelog/ -cryptography==2.0.3 +cryptography==3.4.7 # Django # Changelog: https://www.djangoproject.com/weblog/ -django==1.11.5 -django==1.10.8 # rq.filter: >=1.10, <1.11 -django==1.8.18 # rq.filter: >=1.8, <1.9 +django==3.2.6 +django==2.0.13 # rq.filter: >=2.0, <2.1 +django==1.11.29 # rq.filter: >=1.11, <2.0 # Djblets # -> CVE-2014-3995 -djblets==0.9.9 +djblets==2.2.3 # eyeD3 # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1934 -eyeD3==0.8.2 +eyeD3==0.9.6 # Tastypie # Changelog: https://django-tastypie.readthedocs.org/en/latest/release_notes/index.html -django-tastypie==0.14.0 +django-tastypie==0.14.3 # Django REST framework # Changelog: http://www.django-rest-framework.org/topics/release-notes -djangorestframework==3.6.4 +djangorestframework==3.12.4 # Defused XML # Changelog: https://pypi.python.org/pypi/defusedxml -defusedxml==0.5.0 +defusedxml==0.7.1 # Flask # Changelog: http://flask.pocoo.org/docs/changelog/ -flask==0.12.2 +flask==2.0.1 # Graphite # Changelog: http://graphite.readthedocs.org/en/latest/releases.html # http://graphite.readthedocs.io/en/latest/releases/1_0_0.html#security-notes -graphite-web==1.0.2 +graphite-web==1.1.8 # hpack # CVE-2016-6581 -hpack==3.0.0 +hpack==4.0.0 # Ironic Inspector # CVE-2015-5306 # https://bugs.launchpad.net/ironic-inspector/+bug/1506419 -ironic-inspector==6.0.0 +ironic-inspector==10.7.0 + +# JSNAPy +# CVE-2018-0023 +jsnapy==1.3.6 # Keyring # Changelog: https://github.com/jaraco/keyring/blob/master/CHANGES.rst -keyring==10.4.0 +keyring==23.0.1 # OpenStack Keystone Middleware # Security: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=keystonemiddleware # CVE-2014-7144 # CVE-2015-1852 -keystonemiddleware==4.17.0 +keystonemiddleware==9.3.0 # Logilab Common # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1839 # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1838 -logilab-common==1.4.1 +logilab-common==1.8.1 # LXML # Security: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=lxml -lxml==4.0.0 +lxml==4.6.3 # Mercurial # CVE-2017-9462 -Mercurial== +Mercurial==5.8.1 # MoinMoin # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6081 # https://moinmo.in/SecurityFixes -moin==1.9.9 +moin==1.9.11 # Paramiko # Changelog: http://paramiko-www.readthedocs.org/changelog.html -paramiko==2.3.1 -paramiko==2.2.2 # rq.filter: >=2.2, <2.3 -paramiko==2.1.4 # rq.filter: >=2.1, <2.2 -paramiko==2.0.7 # rq.filter: >=2.0, <2.1 -paramiko==1.18.4 # rq.filter: >=1.18, <2 +paramiko==2.7.2 +paramiko==2.3.3 # rq.filter: >=2.3, <2.4 +paramiko==2.2.4 # rq.filter: >=2.2, <2.3 +paramiko==2.1.6 # rq.filter: >=2.1, <2.2 +paramiko==2.0.9 # rq.filter: >=2.0, <2.1 # Pillow # Note: replaces obsolete PIL # https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/ -pillow==4.2.1 +pillow==8.3.1 # Plone # CVE-2017-5524 -plone==5.0.9 -plone==4.3.16 # rq.filter: >=4, <5 +plone==5.2.5 +plone==4.3.20 # rq.filter: >=4, <5 # priority # CVE-2016-6580 -priority==1.3.0 +priority==2.0.0 # PyCrypto - The Python Cryptography Toolkit # Changelog: https://www.dlitz.net/software/pycrypto/ @@ -132,103 +135,109 @@ pycrypto==2.6.1 # Python libfribidi interface # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1176 -pyfribidi==0.11.0 +pyfribidi==0.12.0 # PyMongo # Changelog: http://api.mongodb.org/python/current/changelog.html -pymongo==3.5.1 +pymongo==3.12.0 # Python Bugzilla # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2191 -python-bugzilla==2.1.0 +python-bugzilla==3.1.0 # Python Glance Client # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4111 # Changelog: http://docs.openstack.org/developer/python-glanceclient/ -python-glanceclient==2.8.0 +python-glanceclient==3.4.0 # Python GnuPG # CVE-2014-1929 # CVE-2014-1928 # CVE-2014-1927 # CVE-2013-7323 -python-gnupg==0.4.1 +python-gnupg==0.4.7 # Python JWT # https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ -python-jwt==2.0.2 +python-jwt==3.3.0 # Python Keystone Client # CVE-2014-0105 # CVE-2015-1852 -python-keystoneclient==3.13.0 +python-keystoneclient==4.2.0 # Python Swift Client # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6396 -python-swiftclient==3.4.0 +python-swiftclient==3.12.0 # PyYAML # Security: http://www.cvedetails.com/vulnerability-list/vendor_id-13115/year-2014/Pyyaml.html -pyyaml==3.12 +pyyaml==5.4.1 # Requests # Changelog: https://pypi.python.org/pypi/requests/ -requests==2.18.4 +# CVE-2018-18074 +requests==2.26.0 # Rply # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1604 -rply==0.7.5 +rply==0.7.8 # Python-RSA # CVE-2016-1494 -rsa==3.4.2 +rsa==4.7.2 # Setuptools # Changelog: http://pythonhosted.org/setuptools/history.html # Note: replaces obsolete distribute -setuptools==36.5.0 +setuptools==57.4.0 # SQLAlchemy # CVE: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sqlalchemy # Changelog: http://docs.sqlalchemy.org/en/latest/changelog/ -sqlalchemy==1.1.14 +sqlalchemy==1.4.22 sqlalchemy==1.0.19 # rq.filter: >=1.0, <1.1 # Tablib # CVE-2017-2810 -tablib==0.12.1 +tablib==3.0.0 # Tornado # CVE: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tornado # Changelog: http://www.tornadoweb.org/en/stable/releases.html -tornado==4.5.2 +tornado==6.1 # Tryton # News: http://www.tryton.org/news/index.html # CVEs: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tryton # CVE-2015-0861 -tryton==4.4.1 -tryton==4.2.6 # rq.filter: >=4.2, <4.4 -tryton==4.0.11 # rq.filter: >=4.0, <4.2 -tryton==3.8.16 # rq.filter: >=3.8, <4.0 -tryton==3.6.18 # rq.filter: >=3.6, <3.8 -tryton==3.4.17 # rq.filter: >=3.4, <3.6 +tryton==6.0.4 +tryton==4.8.21 # rq.filter: >=4.8, <5.0 +tryton==4.6.24 # rq.filter: >=4.6, <4.8 +tryton==4.4.26 # rq.filter: >=4.4, <4.6 +tryton==4.2.25 # rq.filter: >=4.2, <4.4 +tryton==4.0.22 # rq.filter: >=4.0, <4.2 +tryton==3.8.21 # rq.filter: >=3.8, <4.0 +tryton==3.6.20 # rq.filter: >=3.6, <3.8 # Trytond # News: http://www.tryton.org/news/index.html # CVE-2015-0861 # CVE-2017-0360 -trytond==4.4.3 -trytond==4.2.6 # rq.filter: >=4.2, <4.4 -trytond==4.0.11 # rq.filter: >=4.0, <4.2 -trytond==3.8.14 # rq.filter: >=3.8, <4.0 -trytond==3.6.18 # rq.filter: >=3.6, <3.8 -trytond==3.4.18 # rq.filter: >=3.4, <3.6 +trytond==6.0.5 +trytond==4.8.18 # rq.filter: >=4.8, <5.0 +trytond==4.6.22 # rq.filter: >=4.6, <4.8 +trytond==4.4.27 # rq.filter: >=4.4, <4.6 +trytond==4.2.22 # rq.filter: >=4.2, <4.4 +trytond==4.0.20 # rq.filter: >=4.0, <4.2 +trytond==3.8.18 # rq.filter: >=3.8, <4.0 +trytond==3.6.19 # rq.filter: >=3.6, <3.8 # Tweepy # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5825 -tweepy==3.5.0 +tweepy==3.10.0 # urllib3 # CVE-2016-9015 -urllib3==1.22 +# CVE-2018-20060 +urllib3==1.26.6