Merge pull request #2155 from docker/bump_pyopenssl

Bump pyopenssl to prevent installation of vulnerable version

Merge pull request #2155 from docker/bump_pyopenssl
Bump pyopenssl to prevent installation of vulnerable version
8820e737 · Joffrey F · GitHub · 567d5526 · 609045f3 · 8820e737
Unverified Kaydet (Commit) 8820e737 authored Eki 17, 2018 tarafından Joffrey F Kaydeden (comit) GitHub Eki 17, 2018
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

requirements.txt requirements.txt +1 -1

setup.py setup.py +1 -1

No files found.
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,7 @@ idna==2.5
 ipaddress==1.0.18
 packaging==16.8
 pycparser==2.17
-pyOpenSSL==17.0.0
+pyOpenSSL==18.0.0
 pyparsing==2.2.0
 pypiwin32==219; sys_platform == 'win32' and python_version < '3.6'
 pypiwin32==223; sys_platform == 'win32' and python_version >= '3.6'

--- a/setup.py
+++ b/setup.py
@@ -40,7 +40,7 @@ extras_require = {
    # https://github.com/pypa/pip/issues/4391).  Once that's fixed, instead of
    # installing the extra dependencies, install the following instead:
    # 'requests[security] >= 2.5.2, != 2.11.0, != 2.12.2'
-    'tls': ['pyOpenSSL>=0.14', 'cryptography>=1.3.4', 'idna>=2.0.0'],
+    'tls': ['pyOpenSSL>=17.5.0', 'cryptography>=1.3.4', 'idna>=2.0.0'],
 }