Bump `cryptography` to a newer version that fixes two known OpenSSL
vulnerabilities reported by Dependabot.
To make it work, also allow `impacket` 0.11.0, because it allows any
pyOpenSSL version, while 0.12.0 pinned it to a single version that
happens to be incompatible with the bugfixed `cryptography` version.
Also: drop spaces from `requirements.txt` files. Bots don't add them,
though they seem to be preferred in the official documentation:
https://pip.pypa.io/en/stable/reference/requirements-file-format/
https://github.com/fortra/impacket/blob/impacket_0_11_0/requirements.txt
https://github.com/fortra/impacket/blob/impacket_0_12_0/requirements.txt
Follow-up to
7d5f8be532c19ec73063aaa4f27057047bdae5ac #18708
Closes #18731
#
# SPDX-License-Identifier: curl
-cmakelang == 0.6.13
-codespell == 2.4.1
-pytype == 2024.10.11
-reuse == 5.1.1
-ruff == 0.13.1
+cmakelang==0.6.13
+codespell==2.4.1
+pytype==2024.10.11
+reuse==5.1.1
+ruff==0.13.1
#
# SPDX-License-Identifier: curl
-cryptography == 42.0.8
-filelock == 3.19.1
-psutil == 7.1.0
-pytest == 8.4.2
-pytest-xdist == 3.8.0
-websockets == 15.0.1
+cryptography==44.0.1
+filelock==3.19.1
+psutil==7.1.0
+pytest==8.4.2
+pytest-xdist==3.8.0
+websockets==15.0.1
#
# SPDX-License-Identifier: curl
-impacket == 0.12.0
+impacket>=0.11.0,<=0.12.0
projects / thirdparty / curl.git / commitdiff
