Bump cryptography to 41.0.4, pyopenssl to 23.2.0

Fixes: * CVE-2023-4807 * CVE-2023-2650 * CVE-2023-3446 pyopenssl 23.2.0 required for cryptography to 41.0.x support
StackStorm · Nov 6, 2023 · 60daee8 · 60daee8
1 parent 07c6aa5
commit 60daee8
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 13 deletions.
diff --git a/fixed-requirements.txt b/fixed-requirements.txt
@@ -7,7 +7,7 @@ chardet<3.1.0
 cffi<1.15.0
 # NOTE: 2.0 version breaks pymongo work with hosts
 dnspython>=1.16.0,<2.0.0
-cryptography==39.0.1
+cryptography==41.0.4
 # Note: 0.20.0 removed select.poll() on which some of our code and libraries we
 # depend on rely
 eventlet==0.30.2
@@ -45,7 +45,7 @@ pymongo==3.11.3
 pyparsing<3
 zstandard==0.15.2
 # pyOpenSSL 23.1.0 supports cryptography up to 40.0.x
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 python-editor==1.0.4
 python-keyczar==0.716
 pytz==2021.1

diff --git a/requirements-pants.txt b/requirements-pants.txt
@@ -9,7 +9,7 @@
 apscheduler
 argcomplete
 ciso8601
-cryptography
+cryptography==41.0.4
 # eventlet 0.31+ and gunicorn 20.1.0 are not compatible
 eventlet<0.31
 # flex parses the openapi 2 spec in our router

diff --git a/requirements.txt b/requirements.txt
@@ -14,7 +14,7 @@ bcrypt==3.2.0
 cffi<1.15.0
 chardet<3.1.0
 ciso8601
-cryptography==39.0.1
+cryptography==41.0.4
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
 eventlet==0.30.2
@@ -45,7 +45,7 @@ passlib==1.7.4
 prettytable==2.1.0
 prompt-toolkit==1.0.15
 psutil==5.8.0
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 pyinotify==0.9.6 ; platform_system=="Linux"
 pymongo==3.11.3
 pyparsing<3

diff --git a/st2client/in-requirements.txt b/st2client/in-requirements.txt
@@ -16,12 +16,12 @@ python-editor
 prompt-toolkit
 # mention cffi used by cryptography so we can control version
 cffi
-cryptography
+cryptography==41.0.4
 orjson
 # needed by requests
 chardet
 # required for SOCKS proxy support (HTTP_PROXY, HTTPS_PROXY, NO_PROXY)
-pyOpenSSL
+pyOpenSSL==23.2.0
 pysocks
 # adding so can set version
 zipp
diff --git a/st2client/requirements.txt b/st2client/requirements.txt
@@ -8,14 +8,14 @@
 argcomplete==1.12.2
 cffi<1.15.0
 chardet<3.1.0
-cryptography==39.0.1
+cryptography==41.0.4
 importlib-metadata==4.10.1
 jsonpath-rw==1.4.0
 jsonschema==2.6.0
 orjson==3.5.2
 prettytable==2.1.0
 prompt-toolkit==1.0.15
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 pysocks
 python-dateutil==2.8.1
 python-editor==1.0.4

diff --git a/st2common/in-requirements.txt b/st2common/in-requirements.txt
@@ -24,7 +24,7 @@ pymongo
 zstandard
 # mention cffi used by cryptography so we can control version
 cffi
-cryptography
+cryptography==41.0.4
 requests
 retrying
 semver
@@ -40,7 +40,7 @@ routes
 flex
 webob
 jsonpath-rw
-pyOpenSSL
+pyOpenSSL==23.2.0
 python-statsd
 ciso8601
 orjson

diff --git a/st2common/requirements.txt b/st2common/requirements.txt
@@ -11,7 +11,7 @@ apscheduler==3.7.0
 cffi<1.15.0
 chardet<3.1.0
 ciso8601
-cryptography==39.0.1
+cryptography==41.0.4
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
 eventlet==0.30.2
@@ -30,7 +30,7 @@ orjson==3.5.2
 orquesta@ git+https://github.com/StackStorm/[email protected]
 oslo.config>=1.12.1,<1.13
 paramiko==2.11.0
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 pymongo==3.11.3
 python-dateutil==2.8.1
 python-statsd==2.1.0