author Raildo Mascena <rmascena@localhost.localdomain> 2020-08-19 14:05:31 -0300
committer Raildo Mascena <rmascena@redhat.com> 2020-08-24 15:31:55 -0300
commit c0d63cecd8c082fbde9843b3ebc2d465ad341d35
tree a86d8a08528cb3815092fa4f8b4c67121ed4ad5c
parent 7d6c71ba26694c21110280e741b9ffe2d36a94ca
Bump pysaml2 requirement to avoid CVE-2020-5390

Although Keystone doesn't use the pysaml2 signature on [0], it would be nice to bump the pysaml2 version to, at least, 5.0.0 [1] in order to have the CVE fix included [2].

[0] https://opendev.org/openstack/keystone/src/branch/master/keystone/federation/idp.py#L440-L521
[1] https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0
[2] https://github.com/advisories/GHSA-qf7v-8hj3-4xw7

Change-Id: I1d3776f7f1feb6485feecb140703f23027ca3a6f

-rw-r--r-- lower-constraints.txt 2
-rw-r--r-- requirements.txt 2
2 files changed, 2 insertions, 2 deletions
diff --git a/lower-constraints.txt b/lower-constraints.txt
index fefc5535e..6f3bcec04 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -46,7 +46,7 @@ pycadf==1.1.0
pycodestyle==2.0.0
python-ldap===3.0.0
pymongo===3.0.2
-pysaml2==4.5.0
+pysaml2==5.0.0
PyJWT==1.6.1
PyMySQL==0.7.6
python-keystoneclient==3.8.0
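Review bot: The `pysaml2==5.0.0` pin is the only line changed in lower-constraints.txt, yet it moves pysaml2 across a major version, so the other pins in this file should be checked against what pysaml2 5.0.0 itself requires. If any of its dependencies now needs a newer minimum than the one pinned here, raise that pin in the same change so the lower-constraints set stays installable and the minimum-version test run actually exercises the fixed release.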
diff --git a/requirements.txt b/requirements.txt
index 9e0473078..7084bee9c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,7 +28,7 @@ oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
oslo.upgradecheck>=0.1.0 # Apache-2.0
oslo.utils>=3.33.0 # Apache-2.0
oauthlib>=0.6.2 # BSD
-pysaml2>=4.5.0
+pysaml2>=5.0.0
PyJWT>=1.6.1 # MIT
dogpile.cache>=0.6.2 # BSD
jsonschema>=3.2.0 # MIT
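Review bot: The new `pysaml2>=5.0.0` line carries no license comment, while every neighbouring entry in this hunk has one (`# Apache-2.0`, `# BSD`, `# MIT`); since the line is being touched anyway, add the comment, e.g. `pysaml2>=5.0.0 # Apache-2.0`. Raising the floor to 5.0.0 also changes what deployers and packagers must ship, and the change touches only the two requirements files, so a short release note naming CVE-2020-5390 as the reason for the new minimum would help them.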