From 9cf4d5b93e01e2828b459ddb3bbc371d4866228b Mon Sep 17 00:00:00 2001
From: Philipp Homberger
Date: Fri, 1 Dec 2023 08:05:19 +0100
Subject: [PATCH 1/7] Delete python-keyczar==0.716 Keyczar is deprecated. See: https://github.com/google/keyczar Critical Vunability: https://www.cve.org/CVERecord?id=CVE-2013-7459
---
 fixed-requirements.txt | 1 -
 1 file changed, 1 deletion(-)
diff --git a/fixed-requirements.txt b/fixed-requirements.txt
index 21f93c6f91..6ce842af5b 100644
--- a/fixed-requirements.txt
+++ b/fixed-requirements.txt
@@ -49,7 +49,6 @@ zstandard==0.15.2
 # pyOpenSSL 23.1.0 supports cryptography up to 40.0.x
 pyOpenSSL==23.1.0
 python-editor==1.0.4
-python-keyczar==0.716
 pytz==2021.1
 pywinrm==0.4.1
 pyyaml==5.4.1
From c23327299fd7d9dc45c2a645844793ec05839186 Mon Sep 17 00:00:00 2001
From: Philipp Homberger
Date: Fri, 1 Dec 2023 08:48:14 +0100
Subject: [PATCH 2/7] Update CHANGELOG.rst
---
 CHANGELOG.rst | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 7a1bfa4e8e..23017875fe 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -82,6 +82,9 @@ Changed * Remove `distutils` dependencies across the project. #5992 Contributed by @AndroxxTraxxon +* Remove deprecated not use dependencie `python-keyczar`. #6078 + Contributed by (@philipphomberger Schwarz IT KG) + 3.8.0 - November 18, 2022 -------------------------
From ddeda0f3f8ebb6de370d83a4c387d67a249a25d9 Mon Sep 17 00:00:00 2001
From: Philipp Homberger
Date: Fri, 1 Dec 2023 15:01:01 +0100
Subject: [PATCH 3/7] Update config.yml
---
 .circleci/config.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 83caf83010..d5b078070d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -43,7 +43,7 @@ jobs:
 # Run st2 Integration tests
 integration:
 docker:
- - image: circleci/python:3.6
+ - image: circleci/python:3.8
 - image: mongo:4.0
 - image: rabbitmq:3
 working_directory: ~/st2
@@ -79,7 +79,7 @@ jobs:
 # Run st2 Lint Checks
 lint:
 docker:
- - image: circleci/python:3.6
+ - image: circleci/python:3.8
 - image: mongo:4.0
 - image: rabbitmq:3
 working_directory: ~/st2
@@ -113,7 +113,7 @@ jobs:
 resource_class: large
 docker:
 # The primary container is an instance of the first list image listed. Your build commands run in this container.
- - image: circleci/python:3.6
+ - image: circleci/python:3.8
 working_directory: ~/st2
 environment:
 - DISTROS: "bionic focal el7 el8"
From 6b947dee39e9f2657cd00fff71d7c3159eae1c2f Mon Sep 17 00:00:00 2001
From: Philipp Homberger
Date: Fri, 1 Dec 2023 15:03:13 +0100
Subject: [PATCH 4/7] Update config.yml
---
 .circleci/config.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index d5b078070d..83caf83010 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -43,7 +43,7 @@ jobs:
 # Run st2 Integration tests
 integration:
 docker:
- - image: circleci/python:3.8
+ - image: circleci/python:3.6
 - image: mongo:4.0
 - image: rabbitmq:3
 working_directory: ~/st2
@@ -79,7 +79,7 @@ jobs:
 # Run st2 Lint Checks
 lint:
 docker:
- - image: circleci/python:3.8
+ - image: circleci/python:3.6
 - image: mongo:4.0
 - image: rabbitmq:3
 working_directory: ~/st2
@@ -113,7 +113,7 @@ jobs:
 resource_class: large
 docker:
 # The primary container is an instance of the first list image listed. Your build commands run in this container.
- - image: circleci/python:3.8
+ - image: circleci/python:3.6
 working_directory: ~/st2
 environment:
 - DISTROS: "bionic focal el7 el8"
From 0c0bb0111b6b38e34cc4728f3c6bdd0ecee71865 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 8 Dec 2023 16:10:27 +0000
Subject: [PATCH 5/7] fix: st2common/requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
---
 st2common/requirements.txt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/st2common/requirements.txt b/st2common/requirements.txt
index 575b251177..fecb67d1a4 100644
--- a/st2common/requirements.txt
+++ b/st2common/requirements.txt
@@ -11,7 +11,7 @@ apscheduler==3.7.0
 cffi<1.15.0
 chardet<3.1.0
 ciso8601
-cryptography==39.0.1
+cryptography==41.0.6
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
 eventlet==0.33.3
@@ -35,7 +35,7 @@ pymongo==3.11.3
 python-dateutil==2.8.1
 python-statsd==2.1.0
 pyyaml==5.4.1
-redis==4.1.4
+redis==4.3.6
 requests[security]==2.25.1
 retrying==1.3.3
 routes==2.4.1
@@ -47,3 +47,5 @@ tooz==2.8.0
 webob==1.8.7
 zake==0.2.2
 zstandard==0.15.2
+requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability
+setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
From ad225996dafdd899886ae85de1c387efa867e3cd Mon Sep 17 00:00:00 2001
From: Philipp Homberger
Date: Wed, 21 Feb 2024 08:39:13 +0100
Subject: [PATCH 6/7] Update fixed-requirements.txt
---
 fixed-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
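Review bot: `cryptography==41.0.6` in the first hunk of st2common/requirements.txt (PATCH 5/7) is outside the range the pinned pyOpenSSL is documented to accept: fixed-requirements.txt carries `# pyOpenSSL 23.1.0 supports cryptography up to 40.0.x` directly above `pyOpenSSL==23.1.0`, visible as context in PATCH 1/7. Installing both pins together is likely to fail dependency resolution, so the bump needs a matching pyOpenSSL release, with that comment updated in the same commit. The patch also touches only st2common/requirements.txt, so this file and fixed-requirements.txt now disagree on `redis` (PATCH 6/7 still shows `redis==4.1.4` there) and presumably on `cryptography`.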
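Review bot: The appended `requests>=2.31.0` in the last hunk of st2common/requirements.txt (PATCH 5/7) contradicts `requests[security]==2.25.1`, which stays in the file as a context line of the second hunk, so no requests version satisfies both entries. The existing entry should be changed in place rather than a second constraint appended, for example `requests==2.31.0`. The trailing comment `not directly required, pinned by Snyk to avoid a vulnerability` is inaccurate for requests, because the file already lists it as a direct requirement.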
diff --git a/fixed-requirements.txt b/fixed-requirements.txt
index 6ce842af5b..2cfc67860c 100644
--- a/fixed-requirements.txt
+++ b/fixed-requirements.txt
@@ -53,7 +53,7 @@ pytz==2021.1
 pywinrm==0.4.1
 pyyaml==5.4.1
 redis==4.1.4
-requests[security]==2.25.1
+requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability
 retrying==1.3.3
 routes==2.4.1
 semver==2.13.0
From 0617f9e8bdb6348892ec2eb4b611aa69e273f8f4 Mon Sep 17 00:00:00 2001
From: philipp
Date: Fri, 23 Feb 2024 12:17:02 +0000
Subject: [PATCH 7/7] add final stuff
---
 conf/st2.conf.sample | 373 ------------------------------------
 requirements.txt | 2 +-
 st2actions/requirements.txt | 2 +-
 st2client/requirements.txt | 2 +-
 st2common/requirements.txt | 8 +-
 5 files changed, 6 insertions(+), 381 deletions(-)
diff --git a/conf/st2.conf.sample b/conf/st2.conf.sample
index 5450a9e4d1..d77628ed78 100644
--- a/conf/st2.conf.sample
+++ b/conf/st2.conf.sample
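Review bot: `requests>=2.31.0` in the fixed-requirements.txt hunk (PATCH 6/7) replaces an exact pin with an open-ended lower bound in a file whose surrounding entries are all `==` pins, so installs stop being reproducible and a later requests release is picked up without review. An exact pin such as `requests==2.31.0` keeps the vulnerability fix and the file's convention, and the copied comment `not directly required, pinned by Snyk to avoid a vulnerability` should go because requests is a direct requirement here. requests 2.31.0 requires Python 3.7 or newer, while PATCH 4/7 puts the CircleCI jobs back on `circleci/python:3.6`, so dependency installation there is likely to fail. The same unpinned line is added in PATCH 7/7 to requirements.txt, st2actions/requirements.txt, st2client/requirements.txt and st2common/requirements.txt.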
@@ -1,376 +1,3 @@ # Sample config which contains all the available options which the corresponding descriptions # Note: This file is automatically generated using tools/config_gen.py - DO NOT UPDATE MANUALLY -[action_sensor] -# List of execution statuses for which a trigger will be emitted. -emit_when = succeeded,failed,timeout,canceled,abandoned # comma separated list allowed here. -# Whether to enable or disable the ability to post a trigger on action. -enable = True - -[actionrunner] -# Internal pool size for dispatcher used by regular actions. -actions_pool_size = 60 -# How long to wait for process (in seconds) to exit after receiving shutdown signal. -exit_still_active_check = 300 -# This will enable the graceful shutdown and wait for ongoing requests to complete until exit_timeout. -graceful_shutdown = True -# location of the logging.conf file -logging = /etc/st2/logging.actionrunner.conf -# List of pip options to be passed to "pip install" command when installing pack dependencies into pack virtual environment. -pip_opts = # comma separated list allowed here. -# Python binary which will be used by Python actions. -python_binary = /usr/bin/python -# Default log level to use for Python runner actions. Can be overriden on invocation basis using "log_level" runner parameter. -python_runner_log_level = DEBUG -# Time interval between subsequent queries to check running executions. -still_active_check_interval = 2 -# True to store and stream action output (stdout and stderr) in real-time. -stream_output = True -# Buffer size to use for real time action output streaming. 0 means unbuffered 1 means line buffered, -1 means system default, which usually means fully buffered and any other positive value means use a buffer of (approximately) that size -stream_output_buffer_size = -1 -# Virtualenv binary which should be used to create pack virtualenvs. 
-virtualenv_binary = /usr/bin/virtualenv -# List of virtualenv options to be passsed to "virtualenv" command that creates pack virtualenv. -virtualenv_opts = --system-site-packages # comma separated list allowed here. -# Internal pool size for dispatcher used by workflow actions. -workflows_pool_size = 40 - -[api] -# List of origins allowed for api, auth and stream -allow_origin = http://127.0.0.1:3000 # comma separated list allowed here. -# SameSite attribute value for the auth-token cookie we set on successful authentication from st2web. If you don't have a specific reason (e.g. supporting old browsers) we recommend you set this value to strict. Setting it to "unset" will default to the behavior in previous releases and not set this SameSite header value. -# Valid values: strict, lax, none, unset -auth_cookie_same_site = lax -# True if secure flag should be set for "auth-token" cookie which is set on successful authentication via st2web. You should only set this to False if you have a good reason to not run and access StackStorm behind https proxy. -auth_cookie_secure = True -# None -debug = False -# StackStorm API server host -host = 127.0.0.1 -# location of the logging.conf file -logging = /etc/st2/logging.api.conf -# True to mask secrets in the API responses -mask_secrets = True -# Maximum limit (page size) argument which can be specified by the user in a query string. -max_page_size = 100 -# StackStorm API server port -port = 9101 - -[auth] -# Common option - options below apply in both scenarios - when auth service is running as a WSGI -# service (e.g. under Apache or Nginx) and when it's running in the standalone mode. - -# Base URL to the API endpoint excluding the version -api_url = None -# Specify to enable debug mode. -debug = False -# Enable authentication middleware. -enable = True -# Path to the logging config. -logging = /etc/st2/logging.auth.conf -# Authentication mode (proxy,standalone) -mode = standalone -# Service token ttl in seconds. 
-service_token_ttl = 86400 -# Enable Single Sign On for GUI if true. -sso = False -# Single Sign On backend to use when SSO is enabled. Available backends: noop, saml2. -sso_backend = noop -# JSON serialized arguments which are passed to the SSO backend. -sso_backend_kwargs = None -# Access token ttl in seconds. -token_ttl = 86400 - -# Standalone mode options - options below only apply when auth service is running in the standalone -# mode. - -# Authentication backend to use in a standalone mode. Available backends: ldap, flat_file. -backend = flat_file -# JSON serialized arguments which are passed to the authentication backend in a standalone mode. -backend_kwargs = None -# Path to the SSL certificate file. Only used when "use_ssl" is specified. -cert = /etc/apache2/ssl/mycert.crt -# Host on which the service should listen on. -host = 127.0.0.1 -# Path to the SSL private key file. Only used when "use_ssl" is specified. -key = /etc/apache2/ssl/mycert.key -# Port on which the service should listen on. -port = 9100 -# Specify to enable SSL / TLS mode -use_ssl = False - -[content] -# A URL pointing to the pack index. StackStorm Exchange is used by default. Use a comma-separated list for multiple indexes if you want to get other packs discovered with "st2 pack search". -index_url = https://index.stackstorm.org/v1/index.json # comma separated list allowed here. -# User group that can write to packs directory. -pack_group = st2packs -# Paths which will be searched for integration packs. -packs_base_paths = None -# Paths which will be searched for runners. NOTE: This option has been deprecated and it's unused since StackStorm v3.0.0 -runners_base_paths = None -# Path to the directory which contains system packs. -system_packs_base_path = /opt/stackstorm/packs -# Path to the directory which contains system runners. 
NOTE: This option has been deprecated and it's unused since StackStorm v3.0.0 -system_runners_base_path = /opt/stackstorm/runners - -[coordination] -# TTL for the lock if backend suports it. -lock_timeout = 60 -# True to register StackStorm services in a service registry. -service_registry = False -# Endpoint for the coordination server. -url = None - -[database] -# Specifies database authentication mechanisms. By default, it use SCRAM-SHA-1 with MongoDB 3.0 and later, MONGODB-CR (MongoDB Challenge Response protocol) for older servers. -authentication_mechanism = None -# Comma delimited string of compression algorithms to use for transport level compression. Actual algorithm will then be decided based on the algorithms supported by the client and the server. For example: zstd. Defaults to no compression. Keep in mind that zstd is only supported with MongoDB 4.2 and later. -compressors = -# Connection retry backoff max (seconds). -connection_retry_backoff_max_s = 10 -# Backoff multiplier (seconds). -connection_retry_backoff_mul = 1 -# Connection retry total time (minutes). -connection_retry_max_delay_m = 3 -# Connection and server selection timeout (in ms). -connection_timeout = 3000 -# name of database -db_name = st2 -# host of db server -host = 127.0.0.1 -# password for db login -password = None -# port of db server -port = 27017 -# Create the connection to mongodb using SSL -ssl = False -# ca_certs file contains a set of concatenated CA certificates, which are used to validate certificates passed from MongoDB. -ssl_ca_certs = None -# Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided -# Valid values: none, optional, required -ssl_cert_reqs = None -# Certificate file used to identify the localconnection -ssl_certfile = None -# Private keyfile used to identify the local connection against MongoDB. 
-ssl_keyfile = None -# If True and `ssl_cert_reqs` is not None, enables hostname verification -ssl_match_hostname = True -# username for db login -username = None -# Compression level when compressors is set to zlib. Valid values are -1 to 9. Defaults to 6. -zlib_compression_level = - -[garbagecollector] -# Action execution output objects (ones generated by action output streaming) older than this value (days) will be automatically deleted. Defaults to 7. -action_executions_output_ttl = 7 -# Action executions and related objects (live actions, action output objects) older than this value (days) will be automatically deleted. Defaults to None (disabled). -action_executions_ttl = None -# How often to check database for old data and perform garbage collection. -collection_interval = 600 -# Location of the logging configuration file. -logging = /etc/st2/logging.garbagecollector.conf -# Set to True to perform garbage collection on Inquiries (based on the TTL value per Inquiry) -purge_inquiries = False -# Rule enforcements older than this value (days) will be automatically deleted. Defaults to None (disabled). -rule_enforcements_ttl = None -# How long to wait / sleep (in seconds) between collection of different object types. -sleep_delay = 2 -# Workflow task execution output objects (generated by action output streaming) older than this value (days) will be automatically deleted. Defaults to None (disabled). -task_executions_ttl = None -# Tokens that expired over this value (days) will be automatically deleted. Defaults to None (disabled). -tokens_ttl = None -# Trace objects older than this value (days) will be automatically deleted. Defaults to None (disabled). -traces_ttl = None -# Trigger instances older than this value (days) will be automatically deleted. Defaults to None (disabled). -trigger_instances_ttl = None -# Workflow execution output objects (generated by action output streaming) older than this value (days) will be automatically deleted. 
Defaults to None (disabled). -workflow_executions_ttl = None - -[keyvalue] -# Allow encryption of values in key value stored qualified as "secret". -enable_encryption = True -# Location of the symmetric encryption key for encrypting values in kvstore. This key should be in JSON and should've been generated using st2-generate-symmetric-crypto-key tool. -encryption_key_path = - -[log] -# Exclusion list of loggers to omit. -excludes = # comma separated list allowed here. -# True to mask secrets in the log files. -mask_secrets = True -# Blacklist of additional attribute names to mask in the log messages. -mask_secrets_blacklist = # comma separated list allowed here. -# Controls if stderr should be redirected to the logs. -redirect_stderr = False - -[messaging] -# URL of all the nodes in a messaging service cluster. -cluster_urls = # comma separated list allowed here. -# Compression algorithm to use for compressing the payloads which are sent over the message bus. Defaults to no compression. -# Valid values: zstd, lzma, bz2, gzip, None -compression = None -# How many times should we retry connection before failing. -connection_retries = 10 -# How long should we wait between connection retries. -connection_retry_wait = 10000 -# Login method to use (AMQPLAIN, PLAIN, EXTERNAL, etc.). -login_method = None -# Use SSL / TLS to connect to the messaging server. Same as appending "?ssl=true" at the end of the connection URL string. -ssl = False -# ca_certs file contains a set of concatenated CA certificates, which are used to validate certificates passed from RabbitMQ. -ssl_ca_certs = None -# Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided. -# Valid values: none, optional, required -ssl_cert_reqs = None -# Certificate file used to identify the local connection (client). -ssl_certfile = None -# Private keyfile used to identify the local connection against RabbitMQ. 
-ssl_keyfile = None -# URL of the messaging server. -url = amqp://guest:guest@127.0.0.1:5672// - -[metrics] -# Driver type for metrics collection. -driver = noop -# Destination server to connect to if driver requires connection. -host = 127.0.0.1 -# Destination port to connect to if driver requires connection. -port = 8125 -# Optional prefix which is prepended to all the metric names. Comes handy when you want to submit metrics from various environment to the same metric backend instance. -prefix = None -# Randomly sample and only send metrics for X% of metric operations to the backend. Default value of 1 means no sampling is done and all the metrics are sent to the backend. E.g. 0.1 would mean 10% of operations are sampled. -sample_rate = 1 - -[notifier] -# Location of the logging configuration file. -logging = /etc/st2/logging.notifier.conf - -[packs] -# Enable/Disable support for pack common libs. Setting this config to ``True`` would allow you to place common library code for sensors and actions in lib/ folder in packs and use them in python sensors and actions. See https://docs.stackstorm.com/reference/sharing_code_sensors_actions.html for details. -enable_common_libs = False - -[rulesengine] -# Location of the logging configuration file. -logging = /etc/st2/logging.rulesengine.conf - -[scheduler] -# How long GC to search back in minutes for orphaned scheduled actions -execution_scheduling_timeout_threshold_min = 1 -# How often (in seconds) to look for zombie execution requests before rescheduling them. -gc_interval = 10 -# Location of the logging configuration file. -logging = /etc/st2/logging.scheduler.conf -# The size of the pool used by the scheduler for scheduling executions. -pool_size = 10 -# The maximum number of attempts that the scheduler retries on error. -retry_max_attempt = 10 -# The number of milliseconds to wait in between retries. -retry_wait_msec = 3000 -# How long (in seconds) to sleep between each action scheduler main loop run interval. 
-sleep_interval = 0.1 - -[schema] -# URL to the JSON schema draft. -draft = http://json-schema.org/draft-04/schema# -# Version of JSON schema to use. -version = 4 - -[sensorcontainer] -# location of the logging.conf file -logging = /etc/st2/logging.sensorcontainer.conf -# Provider of sensor node partition config. -partition_provider = name:default -# name of the sensor node. -sensor_node_name = sensornode1 -# Run in a single sensor mode where parent process exits when a sensor crashes / dies. This is useful in environments where partitioning, sensor process life cycle and failover is handled by a 3rd party service such as kubernetes. -single_sensor_mode = False - -[ssh_runner] -# How partial success of actions run on multiple nodes should be treated. -allow_partial_failure = False -# Max number of parallel remote SSH actions that should be run. Works only with Paramiko SSH runner. -max_parallel_actions = 50 -# Location of the script on the remote filesystem. -remote_dir = /tmp -# Path to the ssh config file. -ssh_config_file_path = ~/.ssh/config -# Max time in seconds to establish the SSH connection. -ssh_connect_timeout = 60 -# Use the .ssh/config file. Useful to override ports etc. -use_ssh_config = False - -[stream] -# Specify to enable debug mode. -debug = False -# Send empty message every N seconds to keep connection open -heartbeat = 25 -# StackStorm stream API server host -host = 127.0.0.1 -# location of the logging.conf file -logging = /etc/st2/logging.stream.conf -# StackStorm API stream, server port -port = 9102 - -[syslog] -# Syslog facility level. -facility = local7 -# Host for the syslog server. -host = 127.0.0.1 -# Port for the syslog server. -port = 514 -# Transport protocol to use (udp / tcp). -protocol = udp - -[system] -# Base path to all st2 artifacts. -base_path = /opt/stackstorm -# Enable debug mode. -debug = False -# True to validate action and runner output against schema. 
-validate_output_schema = False -# True to validate parameters for non-system trigger types when creatinga rule. By default, only parameters for system triggers are validated. -validate_trigger_parameters = True -# True to validate payload for non-system trigger types when dispatching a trigger inside the sensor. By default, only payload for system triggers is validated. -validate_trigger_payload = True - -[system_user] -# SSH private key for the system user. -ssh_key_file = /home/stanley/.ssh/stanley_rsa -# Default system user. -user = stanley - -[timer] -# Specify to enable timer service. NOTE: Deprecated in favor of timersengine.enable -enable = None -# Timezone pertaining to the location where st2 is run. NOTE: Deprecated in favor of timersengine.local_timezone -local_timezone = None -# Location of the logging configuration file. NOTE: Deprecated in favor of timersengine.logging -logging = None - -[timersengine] -# Specify to enable timer service. -enable = True -# Timezone pertaining to the location where st2 is run. -local_timezone = America/Los_Angeles -# Location of the logging configuration file. -logging = /etc/st2/logging.timersengine.conf - -[webui] -# Base https URL to access st2 Web UI. This is used to construct history URLs that are sent out when chatops is used to kick off executions. -webui_base_url = https://localhost - -[workflow_engine] -# How long to wait for process (in seconds) to exit after receiving shutdown signal. -exit_still_active_check = 300 -# Max seconds to allow workflow execution be idled before it is identified as orphaned and cancelled by the garbage collector. A value of zero means the feature is disabled. This is disabled by default. -gc_max_idle_sec = 0 -# Location of the logging configuration file. -logging = /etc/st2/logging.workflowengine.conf -# Max jitter interval to smooth out retries. -retry_max_jitter_msec = 1000 -# Max time to stop retrying. -retry_stop_max_msec = 60000 -# Interval inbetween retries. 
-retry_wait_fixed_msec = 1000 -# Time interval between subsequent queries to check executions handled by WFE. -still_active_check_interval = 2 -
diff --git a/requirements.txt b/requirements.txt
index b0b44eda39..eab76802cf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -60,7 +60,7 @@ pywinrm==0.4.1
 pyyaml==5.4.1
 redis==4.1.4
 rednose
-requests[security]==2.25.1
+requests>=2.31.0
 retrying==1.3.3
 routes==2.4.1
 semver==2.13.0
diff --git a/st2actions/requirements.txt b/st2actions/requirements.txt
index bdfe4e8b1c..2067ec0f83 100644
--- a/st2actions/requirements.txt
+++ b/st2actions/requirements.txt
@@ -21,5 +21,5 @@ pyparsing<3
 python-dateutil==2.8.1
 python-json-logger
 pyyaml==5.4.1
-requests[security]==2.25.1
+requests>=2.31.0
 six==1.13.0
diff --git a/st2client/requirements.txt b/st2client/requirements.txt
index e4656b91d8..4651752698 100644
--- a/st2client/requirements.txt
+++ b/st2client/requirements.txt
@@ -21,7 +21,7 @@ python-dateutil==2.8.1
 python-editor==1.0.4
 pytz==2021.1
 pyyaml==5.4.1
-requests[security]==2.25.1
+requests>=2.31.0
 six==1.13.0
 sseclient-py==1.7
 typing-extensions<4.2
diff --git a/st2common/requirements.txt b/st2common/requirements.txt
index fecb67d1a4..9aeb6cd04f 100644
--- a/st2common/requirements.txt
+++ b/st2common/requirements.txt
@@ -11,7 +11,7 @@ apscheduler==3.7.0
 cffi<1.15.0
 chardet<3.1.0
 ciso8601
-cryptography==41.0.6
+cryptography==39.0.1
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
 eventlet==0.33.3
@@ -35,8 +35,8 @@ pymongo==3.11.3
 python-dateutil==2.8.1
 python-statsd==2.1.0
 pyyaml==5.4.1
-redis==4.3.6
-requests[security]==2.25.1
+redis==4.1.4
+requests>=2.31.0
 retrying==1.3.3
 routes==2.4.1
 semver==2.13.0
@@ -47,5 +47,3 @@ tooz==2.8.0
 webob==1.8.7
 zake==0.2.2
 zstandard==0.15.2
-requests>=2.31.0 # not directly required, pinned by Snyk to avoid a vulnerability
-setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
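Review bot: The st2common/requirements.txt hunks of PATCH 7/7 put `cryptography` back to `39.0.1` and `redis` back to `4.1.4` and drop `setuptools>=65.5.1`, which undoes the pins PATCH 5/7 added for the SNYK-PYTHON-CRYPTOGRAPHY-*, SNYK-PYTHON-REDIS-5291195 and SNYK-PYTHON-SETUPTOOLS-3180412 advisories, and the commit message `add final stuff` gives no reason. If the rollback is deliberate (possibly because `pyOpenSSL==23.1.0` or the Python 3.6 CI images cannot take the newer releases), the commit message and changelog should say which advisories stay open and why. Otherwise keep `cryptography==41.0.6` and `redis==4.3.6` and raise the pyOpenSSL pin alongside them. The same commit also empties conf/st2.conf.sample, which its header says is generated by tools/config_gen.py; that looks unrelated to the dependency change and is worth confirming as intended.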