Merge pull request #12 from Conjur-Enterprise/snyk-fix-adbe24175b863c1de0ee3890236f7c4f

szh · GitHub Enterprise · commit 32b3bbc0925d · 2024-08-01T22:03:39.000+03:00
CNJR-0000: [Snyk] Fix for 4 vulnerabilities
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [0.1.2] - 2024-08-01
+
+### Security
+- Update python dependencies
+
 ## [0.1.1] - 2024-03-14
 
 ### Added
diff --git a/requirements.txt b/requirements.txt
@@ -9,10 +9,12 @@ PyInstaller>=4.0
 PyYAML>=5.3.1
 aiohttp>=3.9.3
 asynctest>=0.13.0
-setuptools>=57.0.0
+setuptools>=70.0.0
 twine>=3.2.0
 build>=0.7.0
 # https://nvd.nist.gov/vuln/detail/CVE-2020-26137
-urllib3>=1.25.9
+urllib3>=2.2.2
 
-aiounittest~=1.4.1
+aiounittest~=1.4.1
+requests>=2.32.2 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
diff --git a/tests/https/test_unit_http_ssl.py b/tests/https/test_unit_http_ssl.py
@@ -44,7 +44,8 @@
     # "https://extended-validation.badssl.com",
     "https://rsa2048.badssl.com",
     "https://rsa4096.badssl.com",
-    "https://rsa8192.badssl.com",
+    # This is temporarily broken, see https://github.com/chromium/badssl.com/issues/501
+    # "https://rsa8192.badssl.com",
     "https://sha256.badssl.com",
     # These are temporarily broken, see https://github.com/chromium/badssl.com/issues/501
     # "https://sha384.badssl.com",
