From f0118b3d30ab7da1330ffdd428ce72b13d8a5af4 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Tue, 7 Feb 2023 19:30:16 -0600 Subject: [PATCH] Bump cryptography to 39.0.1 for CVE-2023-23931 (#87658) Bump cryptography to 39.0.1 CVE-2023-23931 --- homeassistant/package_constraints.txt | 2 +- pyproject.toml | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt index 290c7e64364..3dad786bf2f 100644 --- a/homeassistant/package_constraints.txt +++ b/homeassistant/package_constraints.txt @@ -17,7 +17,7 @@ bluetooth-auto-recovery==1.0.3 bluetooth-data-tools==0.3.1 certifi>=2021.5.30 ciso8601==2.3.0 -cryptography==39.0.0 +cryptography==39.0.1 dbus-fast==1.84.0 fnvhash==0.1.0 hass-nabucasa==0.61.0 diff --git a/pyproject.toml b/pyproject.toml index 54f7c191a46..9acb07aab6f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -41,7 +41,7 @@ dependencies = [ "lru-dict==1.1.8", "PyJWT==2.5.0", # PyJWT has loose dependency. We want the latest one. - "cryptography==39.0.0", + "cryptography==39.0.1", # pyOpenSSL 23.0.0 is required to work with cryptography 39+ "pyOpenSSL==23.0.0", "orjson==3.8.5", diff --git a/requirements.txt b/requirements.txt index 411c06127e7..a39348c7158 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ ifaddr==0.1.7 jinja2==3.1.2 lru-dict==1.1.8 PyJWT==2.5.0 -cryptography==39.0.0 +cryptography==39.0.1 pyOpenSSL==23.0.0 orjson==3.8.5 pip>=21.0,<23.1