From 93441c3e4569b7fe115ffeebd3c6c8707611da3f Mon Sep 17 00:00:00 2001 From: Mathy Vanhoef Date: Mon, 6 Sep 2021 13:56:35 +0200 Subject: [PATCH] fragattacks: avoid python dependency with vulnerability The py dependency in requirements.txt causes a security warning on GitHub and attracts automated bug hunters (without the hunters verifying the relevancy of the finding). Avoid this. Flaws in py: CVE-2020-29651 Vulnerable versions: < 1.10.0 Patched version: 1.10.0 Description: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. This fixes #40 --- research/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/research/requirements.txt b/research/requirements.txt index ccd2b8d57..9551abc2e 100644 --- a/research/requirements.txt +++ b/research/requirements.txt @@ -4,7 +4,7 @@ more-itertools==8.2.0 mpmath==1.1.0 packaging==20.1 pluggy==0.13.1 -py==1.8.1 +py==1.10.0 pycryptodome==3.9.7 pyparsing==2.4.6 pytest==5.3.5
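Review bot: The commit subject and body say the py dependency should be avoided, but the hunk does not remove it; it bumps the pin from `py==1.8.1` to `py==1.10.0`, the patched version named in the message. That is the right fix here, since `pytest==5.3.5` (still pinned two lines below) depends on py, so the package cannot simply be dropped from requirements.txt. Suggest rewording the subject to something like "fragattacks: bump py to 1.10.0 (CVE-2020-29651)" so the message matches the change, and noting in the body that the advisory concerns py.path.svnwc, which this project only pulls in transitively via pytest.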