Merge pull request #6509 from ryanpetrello/twisted-cves

update to the latest twisted to address two open CVEs Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2024-10-27 09:25:10 +03:00 · 2020-03-31 19:59:11 +00:00 · 2020-03-31 19:59:11 +00:00 · 6940704deb
commit 6940704deb
parent 6b9cacb85f 4423e6edae
2 changed files with 2 additions and 1 deletions
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@ -46,6 +46,7 @@ requests-futures  # see library notes
 slackclient==1.1.2  # see UPGRADE BLOCKERs
 tacacs_plus==1.0  # UPGRADE BLOCKER: auth does not work with later versions
 twilio
+twisted[tls]>=20.3.0  # CVE-2020-10108, CVE-2020-10109
 uWSGI
 uwsgitop
 pip==19.3.1  # see UPGRADE BLOCKERs
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@ -118,7 +118,7 @@ sqlparse==0.3.1           # via django
 tacacs_plus==1.0          # via -r /awx_devel/requirements/requirements.in
 tempora==2.1.0            # via irc, jaraco.logging
 twilio==6.37.0            # via -r /awx_devel/requirements/requirements.in
-twisted[tls]==19.10.0     # via daphne
+twisted[tls]==20.3.0      # via -r /awx_devel/requirements/requirements.in, daphne
 txaio==20.1.1             # via autobahn
 typing-extensions==3.7.4.1  # via aiohttp
 urllib3==1.25.8           # via kubernetes, requests