pin pywps==4.5.0 and owslib==0.25.0 as tentative resolution of XML security issue (relates to geopython/pywps#616, geopython/pywps#618 and geopython/pywps#624)

fmigneault · fmigneault · commit 16d9a4fea9f2 · 2021-09-01T14:57:17.000-04:00
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -73,6 +73,11 @@ Fixes:
 - Fix some invalid definitions of execution inputs schemas under mapping with ``value`` sub-schema where key-based
   input IDs (using ``additionalProperties``) where replaced by the *variable* ``<input-id>`` name instead of their
   original names in the request body (from `#265 <https://github.com/crim-ca/weaver/issues/265>`_ since ``3.4.0``).
+- Fix XML security issue flag within dependencies to ``PyWPS`` and ``OWSLib`` by pinning requirements to
+  versions ``pywps==4.5.0`` and ``owslib==0.25.0`` (see following for details:
+  `geopython/pywps#616 <https://github.com/geopython/pywps/pull/616>`_,
+  `geopython/pywps#618 <https://github.com/geopython/pywps/pull/618>`_,
+  `geopython/pywps#624 <https://github.com/geopython/pywps/issues/624>`_).
 
 `3.5.0 <https://github.com/crim-ca/weaver/tree/3.5.0>`_ (2021-08-19)
 ========================================================================
diff --git a/requirements.txt b/requirements.txt
@@ -37,7 +37,7 @@ lxml
 mako
 # esgf-compute-api (cwt) needs oauthlib but doesn't add it in their requirements
 oauthlib
-owslib>=0.19.2
+owslib==0.25.0
 pymongo
 pyramid>=1.7.3
 pyramid_beaker>=0.8
@@ -46,7 +46,7 @@ pyramid_mako
 python-dateutil
 pyramid_rewrite
 pytz
-pywps==4.4.3
+pywps==4.5.0
 pyyaml>=5.2
 requests
 requests_file
