Fix CVE · camptocamp/c2cciutils@4c768a4

Commit

Fix CVE

    Upgrade cryptography@38.0.4 to cryptography@39.0.1 to fix
    ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3172287] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Expected Behavior Violation (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3314966] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Use After Free (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315324] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Timing Attack (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315331] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315452] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315972] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315975] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316038] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Access of Resource Using Incompatible Type ('Type Confusion') (new) [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315328] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)
    ✗ Denial of Service (DoS) (new) [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316211] in cryptography@38.0.4
      introduced by cryptography@38.0.4 and 5 other path(s)

Loading branch information

sbrunner committed Feb 10, 2023

1 parent 85fbf7b commit 4c768a4

poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

pyproject.toml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -109,7 +109,7 @@ poetry-plugin-tweak-dependencies-version = { version = "1.0.0", optional = true
  
    poetry = { version = "1.2.1", optional = true }

    poetry-core = { version = "1.2.0", optional = true }

    protobuf = { version = "4.21.12", optional = true }

    cryptography = "38.0.4"

    cryptography = "39.0.1"

    certifi = "2022.12.7"

    [tool.poetry.extras]

requirements.txt

-Original file line number
+Diff line change
@@ -1,5 +1,4 @@
-    poetry==1.2.2
-    poetry-core==1.3.2
+    poetry==1.3.2
     poetry-plugin-export==1.2.0
     poetry-dynamic-versioning[plugin]==0.20.0
     poetry-plugin-tweak-dependencies-version==1.1.0
@@ Expand Down @@

0 comments on commit `4c768a4`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `4c768a4`

Commit

There are no files selected for viewing

0 comments on commit 4c768a4

0 comments on commit `4c768a4`