From 2d08a2a73174d7aca71060e122a98e1aaee1343e Mon Sep 17 00:00:00 2001 From: Diana Huang Date: Wed, 3 May 2023 11:08:30 -0400 Subject: [PATCH] fix: Unpin SAML library. (#32167) We were using an old version of the python3-saml library, which was causing issues with newer versions of social-core. The reason it was pinned was because our etree implementation didn't support several fields that the saml library did, so we are now importing those entities as well. --- openedx/core/lib/safe_lxml/etree.py | 4 +++- requirements/constraints.txt | 3 --- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/openedx/core/lib/safe_lxml/etree.py b/openedx/core/lib/safe_lxml/etree.py index 21593f06ef..5555d13108 100644 --- a/openedx/core/lib/safe_lxml/etree.py +++ b/openedx/core/lib/safe_lxml/etree.py @@ -16,7 +16,9 @@ isort:skip_file from lxml.etree import XMLParser as _XMLParser from lxml.etree import * # lint-amnesty, pylint: disable=redefined-builtin -from lxml.etree import _Element, _ElementTree +# These private elements are used in some libraries to also defuse xml exploits for their own purposes. +# We need to re-expose them so that the libraries still work. +from lxml.etree import _Comment, _Element, _ElementTree, _Entity, _ProcessingInstruction # This should be imported after lxml.etree so that it overrides the following attributes. from defusedxml.lxml import XML, fromstring, parse diff --git a/requirements/constraints.txt b/requirements/constraints.txt index ad9e53bb99..fadfe99527 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -40,9 +40,6 @@ matplotlib<3.4.0 # Major upgrade will be done in separate ticket. pymongo<4.0.0 -# python3-saml==1.10.0 version started breaking a11y tests -python3-saml<1.10.0 - # greater version has breaking changes and requires some migration steps. django-webpack-loader==0.7.0