Bump pyopenssl to prevent installation of vulnerable version

CVE refs: CVE-2018-1000807 CVE-2018-1000808 Signed-off-by: Joffrey F <joffrey@docker.com>

Bump pyopenssl to prevent installation of vulnerable version
CVE refs: CVE-2018-1000807 CVE-2018-1000808 Signed-off-by: Joffrey F <joffrey@docker.com>
609045f3 · Joffrey F · 416ea74e · 609045f3 · 609045f3
Kaydet (Commit) 609045f3 authored Eki 17, 2018 tarafından Joffrey F
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

requirements.txt requirements.txt +1 -1

setup.py setup.py +1 -1

No files found.
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,7 @@ idna==2.5
 ipaddress==1.0.18
 packaging==16.8
 pycparser==2.17
-pyOpenSSL==17.0.0
+pyOpenSSL==18.0.0
 pyparsing==2.2.0
 pypiwin32==219; sys_platform == 'win32' and python_version < '3.6'
 pypiwin32==223; sys_platform == 'win32' and python_version >= '3.6'

--- a/setup.py
+++ b/setup.py
@@ -40,7 +40,7 @@ extras_require = {
    # https://github.com/pypa/pip/issues/4391).  Once that's fixed, instead of
    # installing the extra dependencies, install the following instead:
    # 'requests[security] >= 2.5.2, != 2.11.0, != 2.12.2'
-    'tls': ['pyOpenSSL>=0.14', 'cryptography>=1.3.4', 'idna>=2.0.0'],
+    'tls': ['pyOpenSSL>=17.5.0', 'cryptography>=1.3.4', 'idna>=2.0.0'],

 }