
build(requirements): pin 'itsdangerous' to < 2.1

'flask-oidc' 1.4.0 (latest) still uses 'JSONWebSignatureSerializer' which was removed in 'itsdangerous' v2.1.
Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released,
it's necessary to pin 'itsdangerous' to a version below 2.1 if 'flask-oidc' is used.

References:
https://github.com/puiterwijk/flask-oidc/issues/147
https://itsdangerous.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
Dominik Wombacher 1 year ago
parent
commit
7d6573a31c
2 changed files with 8 additions and 0 deletions
  1. 5 0
      requirements-testing.txt
  2. 3 0
      requirements.txt

+ 5 - 0
requirements-testing.txt

@@ -5,7 +5,12 @@ cryptography <= 36.0.0
 eventlet <= 0.33.2
 fedmsg <= 1.1.2
 flake8 <= 4.0.1
+
+# Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released,
+# it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well.
 flask-oidc <= 1.4.0
+itsdangerous < 2.1          
+
 mock <= 4.0.3
 pagure-messages >= 0.0.1
 pytest <= 6.2.5
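
Review bot: The added `itsdangerous < 2.1` line ends in trailing whitespace, and the comment above it says "lower as 2.1" where "lower than 2.1" is meant; both are worth cleaning up before merge. Since this caps a signing library below a release line, the comment could also state that the cap is to be dropped together with the `flask-oidc <= 1.4.0` bound once a fixed flask-oidc is released, so the two lines get revisited as a pair rather than the cap lingering on its own.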

+ 3 - 0
requirements.txt

@@ -38,7 +38,10 @@ whitenoise <= 6.2.0
 wtforms <= 3.0.1
 
 # Required only for the `oidc` authentication backend
+# Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released, 
+# it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well.
 # flask-oidc <= 1.4.0
+# itsdangerous < 2.1
 
 # Required only if `USE_FLASK_SESSION_EXT` is set to `True`
 # flask-session
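
Review bot: `# itsdangerous < 2.1` is added commented out, so the pin only applies if whoever enables the `oidc` backend uncomments it along with `# flask-oidc <= 1.4.0`; the comment says the package must be pinned "as well" but never says to uncomment both lines. Suggest phrasing it as an instruction, for example "uncomment both lines below when using the `oidc` backend". The first added comment line also ends in a trailing space, and "lower as" should read "lower than".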