authorJoffrey F <joffrey@docker.com>2018-10-17 13:52:39 -0700
committerJoffrey F <joffrey@docker.com>2018-10-17 13:52:39 -0700
commit609045f343ac628f953bb3a8fe5b201700929b5c (patch)
tree3123a5dc838de8953c6c9117ed060733ddec131e
parent416ea74e3f4e1aa017a2a265f43e37afa7b6285e (diff)
Bump pyopenssl to prevent installation of vulnerable versionbump_pyopenssl
CVE refs: CVE-2018-1000807 CVE-2018-1000808 Signed-off-by: Joffrey F <joffrey@docker.com>
-rw-r--r--requirements.txt2
-rw-r--r--setup.py2
2 files changed, 2 insertions, 2 deletions
diff --git a/requirements.txt b/requirements.txt
index 289dea9..c46a021 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,7 @@ idna==2.5
ipaddress==1.0.18
packaging==16.8
pycparser==2.17
-pyOpenSSL==17.0.0
+pyOpenSSL==18.0.0
pyparsing==2.2.0
pypiwin32==219; sys_platform == 'win32' and python_version < '3.6'
pypiwin32==223; sys_platform == 'win32' and python_version >= '3.6'
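Review bot: The cryptography requirement is not moved along with pyOpenSSL in either hunk. In requirements.txt the cryptography pin lies outside this hunk, so it should be confirmed that it satisfies what pyOpenSSL 18.0.0 declares (its changelog, as far as I recall, raises the minimum to cryptography 2.2.1); otherwise a pinned install can fail or resolve inconsistently. In the setup.py hunk the `tls` extra still lists `'cryptography>=1.3.4'`, a floor that pyOpenSSL>=17.5.0 presumably no longer accepts, so raising it to the minimum that release declares (2.1.4, if I recall its changelog correctly) would keep the extra honest. A one-line comment beside the new floor, such as `# pyOpenSSL < 17.5.0: CVE-2018-1000807, CVE-2018-1000808`, would also keep a later edit from lowering it.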
diff --git a/setup.py b/setup.py
index 1b208e5..390783d 100644
--- a/setup.py
+++ b/setup.py
@@ -40,7 +40,7 @@ extras_require = {
# https://github.com/pypa/pip/issues/4391). Once that's fixed, instead of
# installing the extra dependencies, install the following instead:
# 'requests[security] >= 2.5.2, != 2.11.0, != 2.12.2'
- 'tls': ['pyOpenSSL>=0.14', 'cryptography>=1.3.4', 'idna>=2.0.0'],
+ 'tls': ['pyOpenSSL>=17.5.0', 'cryptography>=1.3.4', 'idna>=2.0.0'],
}