Unpin social-auth-core dependency

Needed to drop abandoned python-jose, which in turn depends on ecdsa, a library that is not safe against side-channel attacks, xref.: GHSA-wj6h-64fc-37mp
nsoranzo · Mar 5, 2024 · e4aae94 · e4aae94
1 parent 184d880
commit e4aae94
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 6 deletions.
diff --git a/lib/galaxy/dependencies/pinned-requirements.txt b/lib/galaxy/dependencies/pinned-requirements.txt
@@ -63,7 +63,6 @@ dnspython==2.6.1 ; python_version >= "3.8" and python_version < "3.13"
 docopt==0.6.2 ; python_version >= "3.8" and python_version < "3.13"
 docutils==0.18.1 ; python_version >= "3.8" and python_version < "3.13"
 dparse==0.6.3 ; python_version >= "3.8" and python_version < "3.13"
-ecdsa==0.18.0 ; python_version >= "3.8" and python_version < "3.13"
 edam-ontology==1.25.2 ; python_version >= "3.8" and python_version < "3.13"
 email-validator==2.1.1 ; python_version >= "3.8" and python_version < "3.13"
 exceptiongroup==1.2.0 ; python_version >= "3.8" and python_version < "3.11"
@@ -133,7 +132,6 @@ prompt-toolkit==3.0.43 ; python_version >= "3.8" and python_version < "3.13"
 prov==1.5.1 ; python_version >= "3.8" and python_version < "3.13"
 psutil==5.9.8 ; python_version >= "3.8" and python_version < "3.13"
 pulsar-galaxy-lib==0.15.6 ; python_version >= "3.8" and python_version < "3.13"
-pyasn1==0.5.1 ; python_version >= "3.8" and python_version < "3.13"
 pycparser==2.21 ; python_version >= "3.8" and python_version < "3.13"
 pycryptodome==3.20.0 ; python_version >= "3.8" and python_version < "3.13"
 pydantic-core==2.14.6 ; python_version >= "3.8" and python_version < "3.13"
@@ -153,7 +151,6 @@ pyparsing==3.1.1 ; python_version >= "3.8" and python_version < "3.13"
 pyreadline3==3.4.1 ; sys_platform == "win32" and python_version >= "3.8" and python_version < "3.13"
 pysam==0.22.0 ; python_version >= "3.8" and python_version < "3.13"
 python-dateutil==2.9.0.post0 ; python_version >= "3.8" and python_version < "3.13"
-python-jose==3.3.0 ; python_version >= "3.8" and python_version < "3.13"
 python-magic==0.4.27 ; python_version >= "3.8" and python_version < "3.13"
 python-multipart==0.0.9 ; python_version >= "3.8" and python_version < "3.13"
 python3-openid==3.2.0 ; python_version >= "3.8" and python_version < "3.13"
@@ -173,7 +170,6 @@ rich==13.7.1 ; python_version >= "3.8" and python_version < "3.13"
 rocrate==0.9.0 ; python_version >= "3.8" and python_version < "3.13"
 routes==2.5.1 ; python_version >= "3.8" and python_version < "3.13"
 rpds-py==0.18.0 ; python_version >= "3.8" and python_version < "3.13"
-rsa==4.9 ; python_version >= "3.8" and python_version < "3.13"
 ruamel-yaml-clib==0.2.8 ; platform_python_implementation == "CPython" and python_version < "3.13" and python_version >= "3.8"
 ruamel-yaml==0.18.6 ; python_version >= "3.8" and python_version < "3.13"
 s3fs==2023.12.2 ; python_version >= "3.8" and python_version < "3.13"
@@ -183,7 +179,7 @@ setuptools==69.1.1 ; python_version >= "3.8" and python_version < "3.13"
 shellescape==3.8.1 ; python_version >= "3.8" and python_version < "3.13"
 six==1.16.0 ; python_version >= "3.8" and python_version < "3.13"
 sniffio==1.3.1 ; python_version >= "3.8" and python_version < "3.13"
-social-auth-core[openidconnect]==4.0.3 ; python_version >= "3.8" and python_version < "3.13"
+social-auth-core[openidconnect]==4.5.3 ; python_version >= "3.8" and python_version < "3.13"
 sortedcontainers==2.4.0 ; python_version >= "3.8" and python_version < "3.13"
 spython==0.3.13 ; python_version >= "3.8" and python_version < "3.13"
 sqlalchemy==1.4.51 ; python_version >= "3.8" and python_version < "3.13"

diff --git a/pyproject.toml b/pyproject.toml
@@ -106,7 +106,7 @@ requests = "*"
 rocrate = "*"
 Routes = "*"
 schema-salad = "!=8.3.20220721194857"  # https://github.com/common-workflow-language/schema_salad/issues/575
-social-auth-core = {version = "==4.0.3", extras = ["openidconnect"]}
+social-auth-core = {version = "*", extras = ["openidconnect"]}
 sortedcontainers = "*"
 SQLAlchemy = ">=1.4.25,<2"
 sqlitedict = "*"