Upgrade Werkzeug to version 3.0.3 to address CVE-2024-34069 Signed-off-by: Nickle Wang <nick...@nvidia.com> Cc: Abner Chang <abner.ch...@amd.com> Cc: Igor Kulchytskyy <ig...@ami.com> Cc: Nick Ramirez <nrami...@nvidia.com> --- Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py | 7 ++++--- Tools/Redfish-Profile-Simulator/requirements.txt | 6 ++---- 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py index 91c792a2b..58697328a 100644 --- a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py +++ b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py @@ -1,6 +1,7 @@ # Copyright Notice: # # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent # # Copyright Notice: @@ -89,8 +90,8 @@ class PreconditionRequired(werkzeug.exceptions.HTTPException): def main(argv): #Monkey patch the set_etag() method for conditional request. - _old_set_etag = werkzeug.ETagResponseMixin.set_etag - @functools.wraps(werkzeug.ETagResponseMixin.set_etag) + _old_set_etag = werkzeug.wrappers.Response.set_etag + @functools.wraps(werkzeug.wrappers.Response.set_etag) def _new_set_etag(self, etag, weak=False): # only check the first time through; when called twice # we're modifying @@ -107,7 +108,7 @@ def main(argv): raise NotModified flask.g.condtnl_etags_start = False _old_set_etag(self, etag, weak) - werkzeug.ETagResponseMixin.set_etag = _new_set_etag + werkzeug.wrappers.Response.set_etag = _new_set_etag # set default option args rf_profile_path = os.path.abspath("./MockupData/SimpleOcpServerV1") diff --git a/Tools/Redfish-Profile-Simulator/requirements.txt b/Tools/Redfish-Profile-Simulator/requirements.txt index 359a81446..83d2d8130 100644 --- a/Tools/Redfish-Profile-Simulator/requirements.txt +++ b/Tools/Redfish-Profile-Simulator/requirements.txt @@ -1,5 +1,3 @@ -Werkzeug==0.16 -Jinja2==3.0.3 -itsdangerous==2.0.1 -flask==1.1.1 +Werkzeug>=3.0.3 +flask==3.0.0 pyOpenSSL -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118664): https://edk2.groups.io/g/devel/message/118664 Mute This Topic: https://groups.io/mt/105977266/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-