Skip to content

Commit 6aa6cda

Browse files
fix(deps): address code review findings — VC-53657
1 parent 0c8d6c0 commit 6aa6cda

4 files changed

Lines changed: 6 additions & 10 deletions

File tree

Dockerfile

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,10 @@ FROM python:3.9-slim
22

33
WORKDIR /usr/src/app
44

5-
# Pin pip to CVE-safe version (25.0.1 has 4 CVEs; 25.3 is latest 3.9-compatible fix).
6-
# pip cannot be included in requirements-build.txt (pip-tools excludes the package manager).
7-
RUN pip install --no-cache-dir pip==25.3
5+
RUN echo "pip==25.3 --hash=sha256:9655943313a94722b7774661c21049070f6bbb0a1516bf02f7c8d5d9201514cd" \
6+
> /tmp/pip-pin.txt && pip install --no-cache-dir --require-hashes -r /tmp/pip-pin.txt
87

98
COPY requirements-build.txt ./
10-
COPY docker-entrypoint.sh ./
119
RUN pip install --no-cache-dir --require-hashes -r requirements-build.txt
1210

1311
COPY . .

docker-entrypoint.sh

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,6 @@ set -o pipefail
66

77
bandit -r vcert/
88

9-
# pip-audit replaces safety (see Jira VC-53657 for rationale).
10-
# Exit non-zero on findings is intentional; || true defers known 3.10+-only CVEs.
11-
pip-audit -r requirements-build.txt || true
9+
pip-audit -r requirements-build.txt
1210

1311
pytest -v --junit-xml=junit.xml --junit-prefix=`python -V | tr ' ' '_'` --cov=vcert --cov=vcert.parser --cov=vcert.policy --cov-report term --cov-report xml

setup.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,8 @@
1414
version='0.19.0',
1515
url="https://github.com/Venafi/vcert-python",
1616
packages=['vcert', 'vcert.parser', 'vcert.policy'],
17-
install_requires=['requests==2.32.4', 'python-dateutil==2.8.2', 'six==1.17.0',
18-
'cryptography==45.0.7', 'ruamel.yaml==0.18.13', 'pynacl==1.5.0'],
17+
install_requires=['requests==2.32.4', 'python-dateutil==2.9.0.post0', 'six==1.17.0',
18+
'cryptography==48.0.1', 'ruamel.yaml==0.18.17', 'pynacl==1.6.2'],
1919
description='Python client library for CyberArk Certificate Manager, Self-Hosted and CyberArk Certificate Manager, SaaS.',
2020
long_description=long_description,
2121
long_description_content_type="text/markdown",

vcert/pem.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -110,7 +110,7 @@ def as_pkcs12(self, passphrase=None):
110110
p_key = serialization.load_pem_private_key(data=self.key.encode(), password=b_pass,
111111
backend=default_backend())
112112
except Exception as e:
113-
get_logger().error(msg=f"Error parsing Private Key: {e.message}")
113+
get_logger().error(msg=f"Error parsing Private Key: {str(e)}")
114114
return
115115

116116
name = random_word(10).encode()

0 commit comments

Comments
 (0)