fix: resolve all dependency conflicts for Reflex 0.8.24+ (security)
Some checks failed
ci/woodpecker/push/woodpecker Pipeline was successful
CD - Build & Deploy / build-and-push (push) Has been cancelled
CD - Build & Deploy / package-helm (push) Has been cancelled
CD - Build & Deploy / deploy-staging (push) Has been cancelled
CD - Build & Deploy / deploy-production (push) Has been cancelled
CD - Build & Deploy / release (push) Has been cancelled
CI / test (3.11) (push) Has been cancelled
CI / test (3.12) (push) Has been cancelled
CI / security (push) Has been cancelled

- Update alembic: 1.13.0 → 1.17.2 (required by Reflex >=1.15.2)
- Update redis: 5.0.1 → 7.1.0 (required by Reflex >=5.2.1)
- Update python-multipart: 0.0.6 → 0.0.21 (required by Reflex >=0.0.20)
- Update email-validator: 2.1.0 → 2.3.0 (2.1.0 was yanked)
- Adjust pydantic: 2.5.2 → 2.5.0 (compatibility)
- Remove zarinpal & idpay due to typing-extensions conflicts

Payment gateways (zarinpal, idpay) temporarily removed due to
dependency conflicts. Use direct API integration instead.

Refs: CVE-2025-55182
ApprovalToken: ۲
Ehsan.Asadi
2025-12-30 15:52:09 +03:30
parent 92d6715aea
commit a38af43d37


@@ -10,19 +10,19 @@ reflex==0.8.24.post1 # Updated for security (CVE-2025-55182)
# ============================================ # ============================================
sqlalchemy==2.0.23 sqlalchemy==2.0.23
psycopg2-binary==2.9.9 psycopg2-binary==2.9.9
alembic==1.13.0 alembic==1.17.2 # Required by Reflex 0.8.24+ (>=1.15.2)
# ============================================ # ============================================
# Data Validation # Data Validation
# ============================================ # ============================================
pydantic==2.5.2 pydantic==2.5.0 # Compatible with Reflex 0.8.24+
pydantic-settings==2.1.0 pydantic-settings==2.1.0
email-validator==2.1.0 email-validator==2.3.0 # Latest stable (2.1.0 was yanked)
# ============================================ # ============================================
# Caching # Caching
# ============================================ # ============================================
redis==5.0.1 redis==7.1.0 # Required by Reflex 0.8.24+ (>=5.2.1)
# ============================================ # ============================================
# Task Queue # Task Queue
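Review bot: the pydantic line moves backwards, from 2.5.2 to 2.5.0, and its comment ("Compatible with Reflex 0.8.24+") does not name the constraint that forces the older patch release, unlike the alembic and redis lines, which give their floors (>=1.15.2, >=5.2.1). Please state which package rejects 2.5.2, or keep 2.5.2 if nothing does, because a downgrade inside a commit labelled as a security fix is easy to overlook later. Separately, redis goes from 5.0.1 to 7.1.0 while the stated floor is only >=5.2.1; crossing two major versions calls for either a smaller bump or a note that the caching code was checked against 7.x.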
@@ -47,9 +47,11 @@ ovh==1.2.0 # Correct package name (not python-ovh)
# ============================================ # ============================================
# Payment Gateways # Payment Gateways
# NOTE: zarinpal & idpay removed due to dependency conflicts with Reflex 0.8.24+
# Use direct API integration instead: https://docs.zarinpal.com/paymentGateway/
# ============================================ # ============================================
zarinpal==1.0.0 # zarinpal==1.0.0 # Conflicts with typing-extensions (requires ==4.8.0 vs >=4.13.0)
idpay==1.0.0 # idpay==0.0.1 # Outdated, use direct API
# ============================================ # ============================================
# HTTP Client # HTTP Client
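Review bot: the commented-out idpay line reads "# idpay==0.0.1" but the pin it replaces was "idpay==1.0.0", so the record of what was removed is wrong; keep the original version in the comment. Its stated reason ("Outdated, use direct API") also differs from the commit message, which attributes both removals to typing-extensions conflicts, and the NOTE links direct-API documentation for zarinpal only. Since both packages leave the install set, confirm that no module still imports zarinpal or idpay before this is deployed.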
@@ -75,7 +77,7 @@ prometheus-client==0.19.0
python-decouple==3.8 python-decouple==3.8
python-dotenv==1.0.0 python-dotenv==1.0.0
tenacity==8.2.3 tenacity==8.2.3
python-multipart==0.0.6 python-multipart==0.0.21 # Required by Reflex 0.8.24+ (>=0.0.20)
psutil==5.9.6 psutil==5.9.6
# ============================================ # ============================================
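Review bot: python-multipart jumps from 0.0.6 to 0.0.21 on the line marked "Required by Reflex 0.8.24+ (>=0.0.20)", yet the CI test (3.11, 3.12) and CI security jobs for this push are listed as cancelled, so nothing shown here verifies the new pin set. Re-run those jobs before relying on this change, and exercise the multipart form handling paths in particular, given the number of releases skipped.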