Security/pin cryptography 41.0.2 (#258)
* Pin cryptography dep to address mishandled SSH certs

* Add section to pyproject.toml for pinned deps

* Make pinned dep section more general
whabanks authored Nov 23, 2023
1 parent cf57bb2 commit 356b90b
Showing 2 changed files with 31 additions and 25 deletions.
52 changes: 28 additions & 24 deletions poetry.lock

Some generated files are not rendered by default.

4 changes: 3 additions & 1 deletion pyproject.toml
Expand Up @@ -41,7 +41,9 @@ boto3 = "1.28.84"
werkzeug = "2.3.7"
itsdangerous = "2.1.2"

certifi = "^2023.7.22" # Pinned for security issue: https://github.com/cds-snc/notification-utils/security/dependabot/22
# Pinned dependencies
certifi = "^2023.7.22" # pinned for security reasons: https://github.com/cds-snc/notification-utils/security/dependabot/22
cryptography = "^41.0.2" # pinned for security reasons: https://github.com/cds-snc/notification-utils/security/dependabot/21

[tool.poetry.group.test.dependencies]
pytest = "7.4.3"
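Review bot: the new `# Pinned dependencies` heading and the "pinned for security reasons" comments on `certifi = "^2023.7.22"` and `cryptography = "^41.0.2"` describe a pin, but both lines use caret constraints, which are ranges. Poetry resolves `^41.0.2` to >=41.0.2,<42.0.0, unlike the exact versions on `werkzeug` and `itsdangerous` just above, so the version actually installed is whatever poetry.lock records. If the intent is a security floor, say so in the comment ("minimum version for security fix") and consider `>=41.0.2`, since the caret also blocks the next major release. For `certifi`, which uses calendar versions, `^2023.7.22` excludes every 2024 release of the CA bundle. The two Dependabot alert URLs are only readable by people with access to the repository's security alerts, so adding the public advisory identifier next to each link would let other readers see what is being fixed.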