build(requirements): pin 'itsdangerous' to < 2.1

'flask-oidc' 1.4.0 (latest) still use 'JSONWebSignatureSerializer' which was removed in 'itsdangerous' v2.1. Until puiterwijk/flask-oidc#144 is merged and a new version of flask-oidc is released, it's necessary to pin 'itsdangerous' to a version below 2.1 if 'flask-oidc' is used. References: puiterwijk/flask-oidc#147 https://itsdangerous.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
Pagure · Jan 22, 2023 · 7d6573a · 7d6573a
1 parent efc12ec
commit 7d6573a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/requirements-testing.txt b/requirements-testing.txt
@@ -5,7 +5,12 @@ cryptography <= 36.0.0
 eventlet <= 0.33.2
 fedmsg <= 1.1.2
 flake8 <= 4.0.1
+
+# Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released,
+# it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well.
 flask-oidc <= 1.4.0
+itsdangerous < 2.1          
+
 mock <= 4.0.3
 pagure-messages >= 0.0.1
 pytest <= 6.2.5

diff --git a/requirements.txt b/requirements.txt
@@ -38,7 +38,10 @@ whitenoise <= 6.2.0
 wtforms <= 3.0.1
 
 # Required only for the `oidc` authentication backend
+# Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released, 
+# it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well.
 # flask-oidc <= 1.4.0
+# itsdangerous < 2.1
 
 # Required only if `USE_FLASK_SESSION_EXT` is set to `True`
 # flask-session