fix: resolve all dependency conflicts for Reflex 0.8.24+ (security)
Some checks failed
ci/woodpecker/push/woodpecker Pipeline was successful
CD - Build & Deploy / build-and-push (push) Has been cancelled
CD - Build & Deploy / package-helm (push) Has been cancelled
CD - Build & Deploy / deploy-staging (push) Has been cancelled
CD - Build & Deploy / deploy-production (push) Has been cancelled
CD - Build & Deploy / release (push) Has been cancelled
CI / test (3.11) (push) Has been cancelled
CI / test (3.12) (push) Has been cancelled
CI / security (push) Has been cancelled
Some checks failed
ci/woodpecker/push/woodpecker Pipeline was successful
CD - Build & Deploy / build-and-push (push) Has been cancelled
CD - Build & Deploy / package-helm (push) Has been cancelled
CD - Build & Deploy / deploy-staging (push) Has been cancelled
CD - Build & Deploy / deploy-production (push) Has been cancelled
CD - Build & Deploy / release (push) Has been cancelled
CI / test (3.11) (push) Has been cancelled
CI / test (3.12) (push) Has been cancelled
CI / security (push) Has been cancelled
- Update alembic: 1.13.0 → 1.17.2 (required by Reflex >=1.15.2) - Update redis: 5.0.1 → 7.1.0 (required by Reflex >=5.2.1) - Update python-multipart: 0.0.6 → 0.0.21 (required by Reflex >=0.0.20) - Update email-validator: 2.1.0 → 2.3.0 (2.1.0 was yanked) - Adjust pydantic: 2.5.2 → 2.5.0 (compatibility) - Remove zarinpal & idpay due to typing-extensions conflicts Payment gateways (zarinpal, idpay) temporarily removed due to dependency conflicts. Use direct API integration instead. Refs: CVE-2025-55182 ApprovalToken: ۲
This commit is contained in:
Ehsan.Asadi
@@ -10,19 +10,19 @@ reflex==0.8.24.post1 # Updated for security (CVE-2025-55182)
|
||||
# ============================================
|
||||
sqlalchemy==2.0.23
|
||||
psycopg2-binary==2.9.9
|
||||
alembic==1.13.0
|
||||
alembic==1.17.2 # Required by Reflex 0.8.24+ (>=1.15.2)
|
||||
|
||||
# ============================================
|
||||
# Data Validation
|
||||
# ============================================
|
||||
pydantic==2.5.2
|
||||
pydantic==2.5.0 # Compatible with Reflex 0.8.24+
|
||||
pydantic-settings==2.1.0
|
||||
email-validator==2.1.0
|
||||
email-validator==2.3.0 # Latest stable (2.1.0 was yanked)
|
||||
|
||||
# ============================================
|
||||
# Caching
|
||||
# ============================================
|
||||
redis==5.0.1
|
||||
redis==7.1.0 # Required by Reflex 0.8.24+ (>=5.2.1)
|
||||
|
||||
# ============================================
|
||||
# Task Queue
|
||||
@@ -47,9 +47,11 @@ ovh==1.2.0 # Correct package name (not python-ovh)
|
||||
|
||||
# ============================================
|
||||
# Payment Gateways
|
||||
# NOTE: zarinpal & idpay removed due to dependency conflicts with Reflex 0.8.24+
|
||||
# Use direct API integration instead: https://docs.zarinpal.com/paymentGateway/
|
||||
# ============================================
|
||||
zarinpal==1.0.0
|
||||
idpay==1.0.0
|
||||
# zarinpal==1.0.0 # Conflicts with typing-extensions (requires ==4.8.0 vs >=4.13.0)
|
||||
# idpay==0.0.1 # Outdated, use direct API
|
||||
|
||||
# ============================================
|
||||
# HTTP Client
|
||||
@@ -75,7 +77,7 @@ prometheus-client==0.19.0
|
||||
python-decouple==3.8
|
||||
python-dotenv==1.0.0
|
||||
tenacity==8.2.3
|
||||
python-multipart==0.0.6
|
||||
python-multipart==0.0.21 # Required by Reflex 0.8.24+ (>=0.0.20)
|
||||
psutil==5.9.6
|
||||
|
||||
# ============================================
|
||||
|
||||
Reference in New Issue
Block a user