Skip to content

Commit

Permalink
deps: Downgrade python3-saml
Browse files Browse the repository at this point in the history 
Recent python3-saml versions block lxml upgrade, which in turn contains
security fixes for  GHSA-wrxv-2j5q-m38w.
The version restriction seems to be caused by binary wheel not
compatible with some distros (see
SAML-Toolkits/python3-saml#292). As we build lxml
from the source, we're not affected by this.

Once python3-saml raises the restriction (for example by
SAML-Toolkits/python3-saml#309), we can switch back
to the latest version.
  • Loading branch information
@nijel
nijel committed Jul 15, 2022
1 parent 96a499c commit 1756700
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion requirements.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ psycopg2==2.9.3
Pygments==2.12.0
python-akismet==0.4.3
python-dateutil==2.8.2
python3-saml==1.14.0
python3-saml==1.12.0
pyuca==1.2
raven
redis==4.3.4
Expand Down

0 comments on commit 1756700

Please sign in to comment.