Commit 5ff492a
fix(deps): bump cryptography 46.0.7 -> 48.0.1 (GHSA-537c-gmf6-5ccf)
pip-audit on the core requirements.txt found exactly one fixable vuln:
cryptography 46.0.7 (GHSA-537c-gmf6-5ccf), fixed in 48.0.1. The pin <47.0.0
blocked it; widened to >=48.0.1,<49.0.0. The deployed image installs only
requirements.txt (Dockerfile:28); the <47/<48 transitive pins
(prowler-cloud/oci/alibaba/pyopenssl) are local dev extras not in core, and CSPM
uses the prowler CLI binary via subprocess, so the deployed product is
unaffected. Verified on cryptography 48: 40 crypto-hardening + 33 jwt/signed-
evidence + 181 smoke tests pass, create_app boots.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent f5f6dc1 commit 5ff492a
2 files changed
Lines changed: 3 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
554 | 554 | | |
555 | 555 | | |
556 | 556 | | |
| 557 | + | |
| 558 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| |||
0 commit comments