Merge pull request #2155 from docker/bump_pyopenssl

shin- · web-flow · commit 8820e737c6bb · 2018-10-17T14:25:08.000-07:00
Bump pyopenssl to prevent installation of vulnerable version
diff --git a/requirements.txt b/requirements.txt
@@ -10,7 +10,7 @@ idna==2.5
 ipaddress==1.0.18
 packaging==16.8
 pycparser==2.17
-pyOpenSSL==17.0.0
+pyOpenSSL==18.0.0
 pyparsing==2.2.0
 pypiwin32==219; sys_platform == 'win32' and python_version < '3.6'
 pypiwin32==223; sys_platform == 'win32' and python_version >= '3.6'
diff --git a/setup.py b/setup.py
@@ -40,7 +40,7 @@
     # https://github.com/pypa/pip/issues/4391).  Once that's fixed, instead of
     # installing the extra dependencies, install the following instead:
     # 'requests[security] >= 2.5.2, != 2.11.0, != 2.12.2'
-    'tls': ['pyOpenSSL>=0.14', 'cryptography>=1.3.4', 'idna>=2.0.0'],
+    'tls': ['pyOpenSSL>=17.5.0', 'cryptography>=1.3.4', 'idna>=2.0.0'],
 
 }
 

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@`
`40`	`40`	`# https://github.com/pypa/pip/issues/4391). Once that's fixed, instead of`
`41`	`41`	`# installing the extra dependencies, install the following instead:`
`42`	`42`	`# 'requests[security] >= 2.5.2, != 2.11.0, != 2.12.2'`
`43`		`- 'tls': ['pyOpenSSL>=0.14', 'cryptography>=1.3.4', 'idna>=2.0.0'],`
	`43`	`+ 'tls': ['pyOpenSSL>=17.5.0', 'cryptography>=1.3.4', 'idna>=2.0.0'],`
`44`	`44`
`45`	`45`	`}`
`46`	`46`