From e08211b1ca35b9d6fbc5e4a898af0738516ad1ec Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 25 Sep 2025 13:14:36 +0200 Subject: [PATCH] GHA: bump pip `cryptography`, relax `impacket` version requirement Bump `cryptography` to a newer version that fixes two known OpenSSL vulnerabilities reported by Dependabot. To make it work, also allow `impacket` 0.11.0, because it allows any pyOpenSSL version, while 0.12.0 pinned it to a single version that happens to be incompatible with the bugfixed `cryptography` version. Also: drop spaces from `requirements.txt` files. Bots don't add them, though they seem to be preferred in the official documentation: https://pip.pypa.io/en/stable/reference/requirements-file-format/ https://github.com/fortra/impacket/blob/impacket_0_11_0/requirements.txt https://github.com/fortra/impacket/blob/impacket_0_12_0/requirements.txt Follow-up to 7d5f8be532c19ec73063aaa4f27057047bdae5ac #18708 Closes #18731
---
.github/scripts/requirements.txt | 10 +++++----- tests/http/requirements.txt | 12 ++++++------ tests/requirements.txt | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/.github/scripts/requirements.txt b/.github/scripts/requirements.txt
index 5e876b0cb2..ac858451d5 100644
--- a/.github/scripts/requirements.txt
+++ b/.github/scripts/requirements.txt
@@ -2,8 +2,8 @@ # # SPDX-License-Identifier: curl
-cmakelang == 0.6.13
-codespell == 2.4.1
-pytype == 2024.10.11
-reuse == 5.1.1
-ruff == 0.13.1
+cmakelang==0.6.13
+codespell==2.4.1
+pytype==2024.10.11
+reuse==5.1.1
+ruff==0.13.1
diff --git a/tests/http/requirements.txt b/tests/http/requirements.txt
index 8dddcd1e1c..6a98723ac2 100644
--- a/tests/http/requirements.txt
+++ b/tests/http/requirements.txt
@@ -2,9 +2,9 @@ # # SPDX-License-Identifier: curl
-cryptography == 42.0.8
-filelock == 3.19.1
-psutil == 7.1.0
-pytest == 8.4.2
-pytest-xdist == 3.8.0
-websockets == 15.0.1
+cryptography==44.0.1
+filelock==3.19.1
+psutil==7.1.0
+pytest==8.4.2
+pytest-xdist==3.8.0
+websockets==15.0.1
diff --git a/tests/requirements.txt b/tests/requirements.txt
index dab4784c5f..501c1fc693 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -2,4 +2,4 @@ # # SPDX-License-Identifier: curl
-impacket == 0.12.0
+impacket>=0.11.0,<=0.12.0
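Review bot: The new range `impacket>=0.11.0,<=0.12.0` in tests/requirements.txt carries no comment saying why 0.11.0 must stay allowed, so a later bot or manual bump can re-pin to 0.12.0 and silently undo the `cryptography` fix. A line above it such as `# keep 0.11.0 allowed: impacket 0.12.0 pins pyOpenSSL to a version incompatible with cryptography 44.0.1` would record the constraint next to the requirement. The range also leaves the installed version to the resolver: when this file is installed without tests/http/requirements.txt, pip will presumably pick 0.12.0 and with it the older pyOpenSSL/`cryptography` pair, so it is worth confirming that CI installs both files in one `pip install` invocation, or adding the `cryptography==44.0.1` pin here as well.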