From ce97bb05e58ab4f73994bf6a328661b36116ede3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 18 Sep 2024 23:42:07 +0200 Subject: [PATCH] Relax 'requests' dependency Let it pick the version from the distribution. Note the versioned dependency in salt was due to https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56, so it's not great, but doesn't affect our use case (the verify= option with possibly non-true value is used when talking to S3, which we don't use). In any case, let the update be handled by the distribution. --- 0001-Drop-versioned-certifi-dependency.patch | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/0001-Drop-versioned-certifi-dependency.patch b/0001-Drop-versioned-certifi-dependency.patch index 6d8bca8..0adaf1d 100644 --- a/0001-Drop-versioned-certifi-dependency.patch +++ b/0001-Drop-versioned-certifi-dependency.patch @@ -5,6 +5,7 @@ Date: Thu, 15 Aug 2024 03:46:12 +0200 Subject: [PATCH] Drop versioned certifi dependency Let it pick the version from the distribution. +Similarly for requests. --- requirements/base.txt | 2 -- 1 file changed, 2 deletions(-) @@ -13,10 +14,13 @@ diff --git a/requirements/base.txt b/requirements/base.txt index de9cbaab17..bce14bc510 100644 --- a/requirements/base.txt +++ b/requirements/base.txt -@@ -7,8 +7,6 @@ PyYAML +@@ -7,10 +7,7 @@ PyYAML + msgpack>=1.0.0 + PyYAML MarkupSafe - requests<2.32.0 ; python_version < '3.10' - requests>=2.32.3 ; python_version >= '3.10' +-requests<2.32.0 ; python_version < '3.10' +-requests>=2.32.3 ; python_version >= '3.10' ++requests>=2.31.0 -certifi==2023.07.22; python_version < '3.10' -certifi>=2024.7.4; python_version >= '3.10' distro>=1.0.1