-
Notifications
You must be signed in to change notification settings - Fork 34
Expand file tree
/
Copy pathpyproject.toml
More file actions
59 lines (54 loc) · 1.88 KB
/
Copy pathpyproject.toml
File metadata and controls
59 lines (54 loc) · 1.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
[project]
name = "iam-proxy-italia"
version = "3.3.0"
description = "IAM Proxy Italia"
authors = [
{name = "Giuseppe De Marco",email = "demarcog83@gmail.com"}
]
license = {text = "Apache 2.0"}
readme = "README.md"
requires-python = ">=3.10,<4.0"
dependencies = [
"pip>=26.1", # CVE-2026-1703, CVE-2026-3219
"setuptools>=78.1.1", # PYSEC-2022-43012, PYSEC-2025-49, CVE-2024-6345
"pysaml2 @ git+https://github.com/peppelinux/pysaml2@pplnx-v7.5.4-1",
"satosa @ git+https://github.com/peppelinux/SATOSA@pplnx-v8.5.2",
"satosa-oidcop==4.1.0",
"pyeudiw[satosa] @ git+https://github.com/italia/eudi-wallet-it-python@2.2.0",
"aiohttp (>=3.14.1,<4.0.0)", # CVE-2026-34513 et al.; fixed in 3.13.4
"cbor2 (>=5.9.0)", # CVE-2026-26209
"cryptography (>=46.0.7)", # CVE-2026-34073, CVE-2026-39892
"ecdsa (>=0.19.2)", # CVE-2024-23342, CVE-2026-33936
"pillow (>=12.2.0)", # CVE-2026-40192
"requests (>=2.33.0)", # CVE-2026-25645
"uwsgi (>=2.0.28,<3.0.0)",
"werkzeug>=3.1.6" # CVE-2026-27199: safe_join Windows device names; fixed in 3.1.6
]
[project.optional-dependencies]
test = [
"pytest (>=9.0.3)", # CVE-2025-71176
"pytest-cov",
"flake8",
"spid-sp-test",
"pytest-asyncio",
"pygments (>=2.20.0)", # CVE-2026-4539
"pyOpenSSL>=26.0.0",
"pip-audit (>=2.10.0,<3.0.0)",
"lxml (>=6.1.0)", # CVE-2026-41066: safe resolve_entities default for all parsers
]
[tool.poetry]
package-mode = false
[build-system]
requires = ["poetry-core>=2.0.0,<3.0.0"]
build-backend = "poetry.core.masonry.api"
[tool.coverage.run]
source = ["backends.cieoidc"]
omit = ["*/endpoints/extend_session_endpoint*", "*/storage/interfaces/storage*","*/utils/handlers/*", "*/tests/*", "*/__pycache__/*"]
[tool.coverage.report]
exclude_lines = [
"pragma: no cover",
"def __repr__",
"raise NotImplementedError",
]
show_missing = true
skip_covered = false