From 40842fad399e694539041de3e1fb78896e07878e Mon Sep 17 00:00:00 2001 From: SomberNight Date: Tue, 4 Feb 2025 16:52:03 +0000 Subject: [PATCH] requirements: bump electrum-ecc and electrum-aionostr note: these sdists are now reproducibly built. Ideally the person updating the pinned hash should be different from the one who uploaded the dep to PyPI and reproduce and verify the hash. This prevents hiding a backdoor in just the sdist uploaded to PyPI. but people can try to reproduce the PyPI sdists at any time and ring alarm bells if they can't --- contrib/deterministic-build/requirements.txt | 8 ++++---- contrib/requirements/requirements.txt | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/contrib/deterministic-build/requirements.txt b/contrib/deterministic-build/requirements.txt index 67f7d2fe3..81ec562f1 100644 --- a/contrib/deterministic-build/requirements.txt +++ b/contrib/deterministic-build/requirements.txt @@ -14,10 +14,10 @@ certifi==2024.2.2 \ --hash=sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f dnspython==2.2.1 \ --hash=sha256:0f7569a4a6ff151958b64304071d370daa3243d15941a7beedf0c9fe5105603e -electrum-aionostr==0.0.6 \ - --hash=sha256:6eead6193edc6ab8455b7ddee1b3f4f5cb3c65d0ea1bdbdadb44506eb8f67092 -electrum-ecc==0.0.3 \ - --hash=sha256:c8ab69fecb294825367030da532b2d191883fa169789faa2942c256b4043d0a2 +electrum-aionostr==0.0.7 \ + --hash=sha256:e0b45d608977891c3bb4f6a4dee9a4e843fa661ceca31f81e7b992e65117070a +electrum-ecc==0.0.4 \ + --hash=sha256:70a78be3eea4cba41d968a0c880b14ce5bc85e189f897d652bd6fdfa7ea5cd7d frozenlist==1.3.3 \ --hash=sha256:58bcc55721e8a90b88332d6cd441261ebb22342e238296bb330968952fbb3a6a idna==3.6 \ diff --git a/contrib/requirements/requirements.txt b/contrib/requirements/requirements.txt index 860c32251..4f00c0b74 100644 --- a/contrib/requirements/requirements.txt +++ b/contrib/requirements/requirements.txt @@ -7,8 +7,8 @@ aiohttp_socks>=0.8.4 certifi attrs>=20.1.0 jsonpatch -electrum_ecc -electrum_aionostr>=0.0.6 +electrum_ecc>=0.0.4 +electrum_aionostr>=0.0.7 # Note that we also need the dnspython[DNSSEC] extra which pulls in cryptography, # but as that is not pure-python it cannot be listed in this file!