Merge #1853

1853: Update dependencies r=mergify[bot] a=ghostwheel42 ## What type of PR? security update python dependencies ## What does this PR do? updates cryptography, Jinja2, pyOpenSSL and PyYAML to current versions ### Related issue(s) security updates as discussed in #1829 Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago · 0cd52ae3ca
parent 0772e172ff 3bb0d68ead
commit 0cd52ae3ca
2 changed files with 5 additions and 5 deletions
--- a/core/admin/Dockerfile
+++ b/core/admin/Dockerfile
@ -26,7 +26,7 @@ WORKDIR /app
 COPY requirements-prod.txt requirements.txt
 RUN apk add --no-cache libressl curl postgresql-libs mariadb-connector-c \
  && apk add --no-cache --virtual build-dep \
-  libressl-dev libffi-dev python3-dev build-base postgresql-dev mariadb-connector-c-dev \
+  libressl-dev libffi-dev python3-dev build-base postgresql-dev mariadb-connector-c-dev cargo \
  && pip3 install -r requirements.txt \
  && apk del --no-cache build-dep

--- a/core/admin/requirements-prod.txt
+++ b/core/admin/requirements-prod.txt
@ -5,7 +5,7 @@ bcrypt==3.1.6
 blinker==1.4
 cffi==1.12.3
 Click==7.0
-cryptography==3.2
+cryptography==3.4.7
 decorator==4.4.0
 dnspython==1.16.0
 dominate==2.3.5
@ -25,7 +25,7 @@ idna==2.8
 infinity==1.4
 intervals==0.8.1
 itsdangerous==1.1.0
-Jinja2==2.10.1
+Jinja2==2.11.3
 limits==1.3
 Mako==1.0.9
 MarkupSafe==1.1.1
@ -36,11 +36,11 @@ passlib==1.7.4
 psycopg2==2.8.2
 pycparser==2.19
 Pygments==2.8.1
-pyOpenSSL==19.0.0
+pyOpenSSL==20.0.1
 python-dateutil==2.8.0
 python-editor==1.0.4
 pytz==2019.1
-PyYAML==5.1
+PyYAML==5.4.1
 redis==3.2.1
 #alpine3:12 provides six==1.15.0
 #six==1.12.0