Security fix - CVE-2022-39227 (#95)

* updated security docs, typos * updated min python-jwt version allowed --------- Co-authored-by: Joshua (codemation) <[email protected]>
codemation · Mar 9, 2023 · e8e8aa0 · e8e8aa0
1 parent dc0b488
commit e8e8aa0
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 7 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -5,7 +5,7 @@ Security is always top of mind especially when it comes to Authenticaiton and Au
 As `EasyAuth` is a plugin for FastAPI, the aim is to always support the latest release of FastAPI. Due to obvious time contraints, there can be delays & bugs introduced when using later versions of FastAPI with EasyAuth.
 
 ## Security Issues
-Issues relating to vulnerabilities are natuarally quite sensitive to discuss in a public issue. When or if such a bug is discovered, please email me @codemation - [email protected] to provide details on the bug, how / where it is observed, and code examples where feasible.
+Issues relating to vulnerabilities are naturally quite sensitive to discuss in a public issue. When or if such a bug is discovered, please email me @codemation - [email protected] to provide details on the bug, how / where it is observed, and code examples where feasible.
 
 ---
 Thanks for your contributions.
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -6,4 +6,5 @@ requests==2.26.0
 pydbantic[sqlite]
 pre-commit==2.15.0
 asgi-lifespan==2.0.0
-httpx==0.23.3
+httpx==0.23.3
+pytest-env==0.8.1
diff --git a/requirements.txt b/requirements.txt
@@ -1,14 +1,14 @@
 pydbantic>=0.0.36
 bcrypt>=3.2.0
-python-jwt==3.3.0
+python-jwt>=3.3.4
 makefun==1.9.5
 fastapi>=0.89.1
 uvicorn>=0.15.0
 PyJWT>=2.0.0
 python-multipart>=0.0.5
 easyadmin==0.170
 fastapi-mail>=0.3.7
-gunicorn==20.1.0
+gunicorn>=20.1.0
 email-validator==1.1.3
 easyrpc==0.245
 google-api-python-client==2.26.1

diff --git a/setup.py b/setup.py
@@ -3,8 +3,8 @@
 BASE_REQUIREMENTS = [
     "makefun==1.9.5",
     "easyschedule==0.107",
-    "PyJWT==2.0.0",
-    "python-jwt==3.3.0",
+    "PyJWT>=2.0.0",
+    "python-jwt>=3.3.4",
     "fastapi>=0.89.0",
     "uvicorn",
     "python-multipart>=0.0.5",
@@ -13,7 +13,7 @@
 ]
 SERVER_REQUIREMENTS = [
     "pydbantic>=0.0.36",
-    "cryptography==35.0.0",
+    "cryptography>=35.0.0",
     "bcrypt>=3.2.0",
     "example==0.1.0",
     "httptools==0.3.0",