mirror of
https://github.com/ansible/awx.git
synced 2026-02-05 09:45:21 +01:00
Cleaning up requirements.in
Removing all >= dependencies as these were upgraded past the >= version with the last update.
The following libraries were secondary imports and were removed from the requirements.in as we are past the version required to fix their CVEs:
* autobhan
* kubernetes
* pyjwt
* sqlparse
This commit is contained in:
John Westcott IV
Binary file not shown.
BIN
licenses/autocommand-2.2.2.tar.gz
Normal file
BIN
licenses/autocommand-2.2.2.tar.gz
Normal file
Binary file not shown.
@@ -1,21 +0,0 @@
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2017 Laurent LAPORTE
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
@@ -1,24 +0,0 @@
|
||||
Copyright (c) 2013-2022, Graham Dumpleton
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright notice, this
|
||||
list of conditions and the following disclaimer.
|
||||
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
||||
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
@@ -1,20 +1,19 @@
|
||||
aiohttp>=3.7.4
|
||||
aiohttp
|
||||
ansiconv==1.0.0 # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
|
||||
asciichartpy
|
||||
asn1
|
||||
autobahn>=20.12.3 # CVE-2020-35678
|
||||
azure-keyvault==1.1.0 # see UPGRADE BLOCKERs
|
||||
channels
|
||||
channels-redis>=3.1.0 # https://github.com/django/channels_redis/issues/212
|
||||
channels-redis
|
||||
cryptography
|
||||
Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
|
||||
daphne
|
||||
distro
|
||||
django==3.2.16 # see UPGRADE BLOCKERs https://github.com/ansible/awx/security/dependabot/67
|
||||
django-auth-ldap
|
||||
django-cors-headers>=3.5.0
|
||||
django-cors-headers
|
||||
django-crum
|
||||
django-extensions>=2.2.9 # https://github.com/ansible/awx/pull/6441
|
||||
django-extensions
|
||||
django-guid==3.2.1
|
||||
django-oauth-toolkit==1.4.1
|
||||
django-polymorphic
|
||||
@@ -26,43 +25,40 @@ django-taggit
|
||||
djangorestframework==3.13.1
|
||||
djangorestframework-yaml
|
||||
filelock
|
||||
GitPython>=3.1.1 # minimum to fix https://github.com/ansible/awx/issues/6119
|
||||
GitPython
|
||||
irc
|
||||
jinja2>=2.11.3 # CVE-2020-28493
|
||||
jinja2
|
||||
JSON-log-formatter
|
||||
jsonschema
|
||||
kubernetes>=12.0.0 # CVE-2020-1747
|
||||
Markdown # used for formatting API help
|
||||
openshift>=0.12.0 # minimum version to pull in new pyyaml for CVE-2017-18342, minimum version to pull in new kubernetes for CVE-2020-1747
|
||||
openshift
|
||||
pexpect==4.7.0 # see library notes
|
||||
prometheus_client
|
||||
psycopg2
|
||||
psutil
|
||||
pygerduty
|
||||
pyjwt>=2.4.0 # https://github.com/ansible/awx/security/dependabot/58
|
||||
pyparsing==2.4.6 # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or' (at char 15), (line:1, col:16)
|
||||
python3-saml==1.13.0
|
||||
python-dsv-sdk
|
||||
python-tss-sdk==1.0.0
|
||||
python-ldap>=3.4.0 # https://github.com/ansible/awx/security/dependabot/20
|
||||
pyyaml>=5.4.1 # minimum to fix https://github.com/yaml/pyyaml/issues/478
|
||||
python-ldap
|
||||
pyyaml
|
||||
receptorctl==1.2.3
|
||||
schedule==0.6.0
|
||||
social-auth-core[openidconnect]==4.3.0 # see UPGRADE BLOCKERs
|
||||
social-auth-app-django==5.0.0 # see UPGRADE BLOCKERs
|
||||
redis
|
||||
requests
|
||||
sqlparse>=0.4.2 # Required by Django, pinning for CVE-2021-32839
|
||||
slack-sdk
|
||||
tacacs_plus==1.0 # UPGRADE BLOCKER: auth does not work with later versions
|
||||
twilio>7.9.0 # Pick up fix for use with proxy server via environment variables
|
||||
twisted[tls]>=22.4.0 # CVE-2020-10108, CVE-2020-10109, CVE-2022-21712 (https://github.com/ansible/awx/security/dependabot/46), https://github.com/ansible/awx/security/dependabot/53
|
||||
twilio
|
||||
twisted[tls]
|
||||
uWSGI
|
||||
uwsgitop
|
||||
wheel
|
||||
pip==21.2.4 # see UPGRADE BLOCKERs
|
||||
setuptools>=62.4.0 # see UPGRADE BLOCKERs
|
||||
setuptools_scm[toml]>=3.4 # see UPGRADE BLOCKERs, xmlsec build dep
|
||||
setuptools # see UPGRADE BLOCKERs
|
||||
setuptools_scm[toml] # see UPGRADE BLOCKERs, xmlsec build dep
|
||||
xmlsec==1.3.12 # xmlsec 1.3.13 removed the ability to use lxml 4.7.0 but python3-saml requires lxml 4.7.0 so we need to pin xmlsec
|
||||
lxml>=3.8 # xmlsec build dep
|
||||
pkgconfig>=1.5.1 # xmlsec build dep
|
||||
|
||||
@@ -29,9 +29,7 @@ attrs==22.1.0
|
||||
# service-identity
|
||||
# twisted
|
||||
autobahn==22.7.1
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# daphne
|
||||
# via daphne
|
||||
autocommand==2.2.2
|
||||
# via jaraco-text
|
||||
automat==22.10.0
|
||||
@@ -203,9 +201,7 @@ json-log-formatter==0.5.1
|
||||
jsonschema==4.17.1
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
kubernetes==25.3.0
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# openshift
|
||||
# via openshift
|
||||
lockfile==0.12.2
|
||||
# via python-daemon
|
||||
lxml==4.7.0
|
||||
@@ -285,7 +281,6 @@ pygerduty==0.38.3
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
pyjwt==2.6.0
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# adal
|
||||
# social-auth-core
|
||||
# twilio
|
||||
@@ -404,9 +399,7 @@ social-auth-core[openidconnect]==4.3.0
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# social-auth-app-django
|
||||
sqlparse==0.4.3
|
||||
# via
|
||||
# -r /awx_devel/requirements/requirements.in
|
||||
# django
|
||||
# via django
|
||||
tacacs-plus==1.0
|
||||
# via -r /awx_devel/requirements/requirements.in
|
||||
tempora==5.1.0
|
||||
|
||||
Reference in New Issue
Block a user