From 7d6573a31c17bff662f618f923dd0eb6e5c9b385 Mon Sep 17 00:00:00 2001 From: Dominik Wombacher Date: Sat, 21 Jan 2023 15:58:14 +0100 Subject: [PATCH] build(requirements): pin 'itsdangerous' to < 2.1 'flask-oidc' 1.4.0 (latest) still use 'JSONWebSignatureSerializer' which was removed in 'itsdangerous' v2.1. Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released, it's necessary to pin 'itsdangerous' to a version below 2.1 if 'flask-oidc' is used. References: https://github.com/puiterwijk/flask-oidc/issues/147 https://itsdangerous.palletsprojects.com/en/2.1.x/changes/#version-2-1-0 --- requirements-testing.txt | 5 +++++ requirements.txt | 3 +++ 2 files changed, 8 insertions(+) diff --git a/requirements-testing.txt b/requirements-testing.txt index c1145c77a..547e862c4 100644 --- a/requirements-testing.txt +++ b/requirements-testing.txt @@ -5,7 +5,12 @@ cryptography <= 36.0.0 eventlet <= 0.33.2 fedmsg <= 1.1.2 flake8 <= 4.0.1 + +# Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released, +# it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well. flask-oidc <= 1.4.0 +itsdangerous < 2.1 + mock <= 4.0.3 pagure-messages >= 0.0.1 pytest <= 6.2.5 diff --git a/requirements.txt b/requirements.txt index 690ef681c..38b6351cd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -38,7 +38,10 @@ whitenoise <= 6.2.0 wtforms <= 3.0.1 # Required only for the `oidc` authentication backend +# Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released, +# it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well. # flask-oidc <= 1.4.0 +# itsdangerous < 2.1 # Required only if `USE_FLASK_SESSION_EXT` is set to `True` # flask-session
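Review bot: The comment added above `flask-oidc <= 1.4.0` in requirements-testing.txt says when the pin can be lifted but not why it exists, and that reason is only in the commit message. Please state in the comment itself that flask-oidc 1.4.0 still uses `JSONWebSignatureSerializer`, which itsdangerous 2.1 removed, so whoever later revisits `itsdangerous < 2.1` can check whether it is still needed without digging through history. Also, "a version lower as 2.1" should read "a version lower than 2.1". Since the pin keeps the test environment off every itsdangerous release from 2.1 onward, a short "remove once flask-oidc PR 144 is released" marker next to the pin line would make the temporary nature explicit.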
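Review bot: In requirements.txt the new `# itsdangerous < 2.1` line is commented out like `# flask-oidc <= 1.4.0`, so the pin only takes effect if an operator uncomments both lines. Someone enabling the `oidc` backend who uncomments only the flask-oidc line gets an unpinned itsdangerous and runs into the removed `JSONWebSignatureSerializer`. The comment should say explicitly that the two lines must be uncommented together, for example "uncomment both lines below when using the `oidc` backend". The same "lower as 2.1" wording appears here and should be "lower than 2.1". The explanatory comment is now duplicated across two files, so keeping the wording identical in both (or shortening one to a pointer to the other) avoids the two copies drifting apart when the pin is eventually removed.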