From f6782f5107fe274657658854eaac5e796ec90a19 Mon Sep 17 00:00:00 2001
From: Daniel Porter
Date: Wed, 28 Jun 2023 15:14:00 +0100
Subject: [PATCH 1/3] Allow networkx<3 for Python 3.7 or newer

This change brings in a conditional dependency for networkx, preventing 2.6 or later being installed for a Python 3.6 environment, but allowing v2.7 or 2.8 for newer versions. This should allow for non EOL versions of Python to install a version of networkx that doesn't have the CVE vulnerability.
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 1d5ca55a..d87aa029 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,8 @@ eventlet
 Jinja2>=2.11 # BSD License (3 clause)
 jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
 # networkx v2.6 does not support Python3.6. Update networkx to match st2
-networkx>=2.5.1,<2.6
+networkx>=2.5.1,<2.6; python_version < '3.7'
+networkx>=2.5.1,<3; python_version >= '3.7'
 python-dateutil
 PyYAML>=3.1.0 # MIT
 six>=1.9.0

From 487c43b7c38079176738fc40dc53ba2864780901 Mon Sep 17 00:00:00 2001
From: Eugen C <1533818+armab@users.noreply.github.com>
Date: Mon, 25 Sep 2023 11:37:42 +0100
Subject: [PATCH 2/3] Update networkx >=2.6 for py3.8

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index d87aa029..6bcb3c96 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ Jinja2>=2.11 # BSD License (3 clause)
 jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
 # networkx v2.6 does not support Python3.6. Update networkx to match st2
 networkx>=2.5.1,<2.6; python_version < '3.7'
-networkx>=2.5.1,<3; python_version >= '3.7'
+networkx>=2.6,<3; python_version >= '3.7'
 python-dateutil
 PyYAML>=3.1.0 # MIT
 six>=1.9.0

From 7dadd4cfa0e01a2fd65a545fbcdaad363bee4c68 Mon Sep 17 00:00:00 2001
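Review bot: The added `networkx>=2.5.1,<3; python_version >= '3.7'` line only widens the upper bound and keeps `>=2.5.1` as the floor, so on Python 3.7+ a resolver may still settle on a 2.5.x release, which the commit message itself treats as the range carrying the vulnerability it wants to avoid. The second patch in this series raises that floor to `networkx>=2.6,<3; python_version >= '3.7'`, so as a standalone commit this one does not deliver what its message claims; squashing the two, or amending this message, would keep the history accurate for anyone later auditing when the fix landed. The retained `networkx>=2.5.1,<2.6; python_version < '3.7'` line deliberately leaves Python 3.6 environments on the 2.5.x range, which the message says but the file itself does not record.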
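Review bot: The comment kept above the changed line, `# networkx v2.6 does not support Python3.6. Update networkx to match st2`, now explains only the Python 3.6 branch, while the `>=2.6` floor on the Python 3.7+ line has become a security requirement rather than a compatibility choice, and nothing in the file says so. Without that record a later maintainer could relax the bound again without realising what it guards; I would add `# >=2.6 on Python>=3.7 picks up the insecure deserialization fix (#255); the Python 3.6 line below stays on 2.5.x and is not covered by it`. The `python_version < '3.7'` line still permits the affected 2.5.x releases, so the changelog entry in the third patch, which presents this as a fix "for Python 3.8", appears to misstate the scope in both directions: the marker applies from 3.7, and 3.6 installs get no fix at all.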
From: Eugen C <1533818+armab@users.noreply.github.com>
Date: Mon, 25 Sep 2023 11:41:24 +0100
Subject: [PATCH 3/3] Add a changelog for networkx update

---
 CHANGELOG.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4a89f8bf..d8fe90e9 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,15 @@
 Changelog ========= +In Development +-------------- + +Changed +~~~~~~~ + +* Update networkx >=2.6 for Python 3.8 to fix insecure deserialization #255 (improvement) + Contributed by @Stealthii + 1.5.0 -----