GHA: bump pip cryptography, relax impacket version requirement

Bump `cryptography` to a newer version that fixes two known OpenSSL vulnerabilities reported by Dependabot. To make it work, also allow `impacket` 0.11.0, because it allows any pyOpenSSL version, while 0.12.0 pinned it to a single version that happens to be incompatible with the bugfixed `cryptography` version. Also: drop spaces from `requirements.txt` files. Bots don't add them, though they seem to be preferred in the official documentation: https://pip.pypa.io/en/stable/reference/requirements-file-format/ https://github.com/fortra/impacket/blob/impacket_0_11_0/requirements.txt https://github.com/fortra/impacket/blob/impacket_0_12_0/requirements.txt Follow-up to 7d5f8be532 #18708 Closes #18731
2026-04-29 17:42:13 +03:00 · 2025-09-25 13:14:36 +02:00 · 2025-09-25 13:14:36 +02:00 · e08211b1ca
commit e08211b1ca
parent 442943fb8e
3 changed files with 12 additions and 12 deletions
--- a/.github/scripts/requirements.txt
+++ b/.github/scripts/requirements.txt
@ -2,8 +2,8 @@
 #
 # SPDX-License-Identifier: curl

-cmakelang == 0.6.13
-codespell == 2.4.1
-pytype == 2024.10.11
-reuse == 5.1.1
-ruff == 0.13.1
+cmakelang==0.6.13
+codespell==2.4.1
+pytype==2024.10.11
+reuse==5.1.1
+ruff==0.13.1