From d41e640c4cbe59463ae11b6729c7e994d6f8a582 Mon Sep 17 00:00:00 2001 From: Justin Miller Date: Fri, 19 Apr 2024 04:37:28 -0700 Subject: [PATCH] Addressing Address SNYK-PYTHON-GUNICORN-6615672, SNYK-PYTHON-CRYPTOGRAPHY-6126975 --- python/setup.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/python/setup.py b/python/setup.py index 3e06dfc03a..0e7c8b2a3a 100644 --- a/python/setup.py +++ b/python/setup.py @@ -33,12 +33,13 @@ "jaeger-client >= 4.1.0, < 4.5.0", "grpcio-opentracing >= 1.1.4, < 1.2.0", "grpcio-reflection < 2.0.0", - "gunicorn >= 19.9.0, < 20.2.0", + # Addresses CVE SNYK-PYTHON-GUNICORN-6615672 + "gunicorn >= 19.9.0, <= 22.0.0", "setuptools >= 65.5.1", "prometheus_client >= 0.7.1, < 0.9.0", "werkzeug >= 2.1.1, < 2.3", - # Addresses CVE SNYK-PYTHON-CRYPTOGRAPHY-3315328 - "cryptography >= 39.0.1, < 41.1", + # Addresses CVE SNYK-PYTHON-CRYPTOGRAPHY-3315328, SNYK-PYTHON-CRYPTOGRAPHY-6126975 + "cryptography >= 39.0.1, <= 42.0.0", # Addresses CVE SNYK-PYTHON-PYYAML-590151 "PyYAML >= 5.4, <= 6.0.1", # Addresses CVE PRISMA-2021-0020