
Commit 6b2ecf7

fix(deps): bump CVE-affected deps [VC-53657, VC-53626] (#204)
* fix(deps): bump CVE-affected deps and replace safety with pip-audit — VC-53657
* fix(deps): address code review findings — VC-53657
* fix(deps): convert setup.py install_requires to range constraints — VC-53626
1 parent 7c42fe8 commit 6b2ecf7

8 files changed

Lines changed: 340 additions & 167 deletions


Dockerfile

Lines changed: 3 additions & 1 deletion
@@ -2,8 +2,10 @@ FROM python:3.9-slim
22

33
WORKDIR /usr/src/app
44

5+
RUN echo "pip==25.3 --hash=sha256:9655943313a94722b7774661c21049070f6bbb0a1516bf02f7c8d5d9201514cd" \
6+
> /tmp/pip-pin.txt && pip install --no-cache-dir --require-hashes -r /tmp/pip-pin.txt
7+
58
COPY requirements-build.txt ./
6-
COPY docker-entrypoint.sh ./
79
RUN pip install --no-cache-dir --require-hashes -r requirements-build.txt
810

911
COPY . .
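Review bot: the new hash-pinned pip bootstrap (`RUN echo "pip==25.3 --hash=sha256:..." > /tmp/pip-pin.txt && pip install --no-cache-dir --require-hashes -r /tmp/pip-pin.txt`) sits on a base image that is still pulled by mutable tag, `FROM python:3.9-slim`, so the one unpinned input left in this build is the layer everything else runs on; if the goal is a reproducible image, pin it by digest (`FROM python:3.9-slim@sha256:<digest>`). A single `--hash` works here only because pip ships a universal `py3-none-any` wheel; a package with per-platform wheels would need one hash per artifact or `--require-hashes` rejects the install. Dropping `COPY docker-entrypoint.sh ./` is fine since the later `COPY . .` brings the script in, and as a side effect an entrypoint-only edit no longer invalidates the `pip install` layer, which is worth a line in the commit message.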

docker-entrypoint.sh

Lines changed: 1 addition & 3 deletions
@@ -6,8 +6,6 @@ set -o pipefail
66

77
bandit -r vcert/
88

9-
# ID 40291 is pip, ignore so we can still test python 2.7
10-
#Ignoring false-positive issue with pytest. ref: https://github.com/pytest-dev/py/issues/287
11-
safety check -i 40291 -i 51457
9+
pip-audit -r requirements-build.txt
1210

1311
pytest -v --junit-xml=junit.xml --junit-prefix=`python -V | tr ' ' '_'` --cov=vcert --cov=vcert.parser --cov=vcert.policy --cov-report term --cov-report xml
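Review bot: `pip-audit -r requirements-build.txt` exits non-zero for every known advisory against a pinned version, including ones with no fixed release yet, so under this script's error handling the whole test run now fails closed the moment a new CVE is published for any dependency in the lock; confirm that is the intended behaviour, and for findings that have been reviewed and accepted keep the old practice of an explicit ignore with a comment explaining it (`pip-audit -r requirements-build.txt --ignore-vuln <ID>`) rather than a bare command that gives the next maintainer nothing to go on. Auditing the lockfile rather than the installed environment is the right choice here: `requirements-build.txt` is exactly what `pip install --require-hashes` installs, and since `requirements-build.in` starts with `-r requirements.in` the runtime dependencies are covered by the same run.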

requirements-build.in

Lines changed: 4 additions & 4 deletions
@@ -1,5 +1,5 @@
11
-r requirements.in
2-
pytest==7.4.3
3-
pytest-cov==4.1.0
4-
safety==2.3.5
5-
bandit==1.7.7
2+
pip-audit==2.9.0
3+
pytest==8.4.2
4+
pytest-cov==7.1.0
5+
bandit==1.8.6
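Review bot: the commit message attributes this change to CVE-affected dependencies, but `pytest==7.4.3` → `pytest==8.4.2` and `pytest-cov==4.1.0` → `pytest-cov==7.1.0` are major-version bumps of test tooling that can change collection and reporting behaviour independently of any advisory; either call them out in the message as opportunistic upgrades or split them into their own commit so that a bisect on the security fix does not also carry a test-framework change. The `safety==2.3.5` → `pip-audit==2.9.0` swap matches the entrypoint change in the same commit.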

requirements-build.txt

Lines changed: 235 additions & 94 deletions
Some generated files are not rendered by default.

requirements.in

Lines changed: 4 additions & 4 deletions
@@ -1,6 +1,6 @@
11
requests==2.32.4
2-
python-dateutil==2.8.2
3-
cryptography==45.0.7
2+
python-dateutil==2.9.0.post0
3+
cryptography==48.0.1
44
six==1.17.0
5-
ruamel.yaml==0.18.13
6-
pynacl==1.5.0
5+
ruamel.yaml==0.18.17
6+
pynacl==1.6.2
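Review bot: `cryptography==45.0.7` → `cryptography==48.0.1` spans three major releases of the runtime dependency this library leans on most, and the generated `requirements.txt` that carries the resulting hashes and transitive pins is not rendered on this page, so a reviewer cannot confirm from here which versions were actually locked; attach the lockfile diff or the output of a `pip-audit` run against the new lock to the PR. `requests==2.32.4` and `six==1.17.0` are left unchanged, so the message should say which of the four bumped lines (`python-dateutil`, `cryptography`, `ruamel.yaml`, `pynacl`) the referenced advisories concern, and which are bumped only to keep the lock current.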

requirements.txt

Lines changed: 89 additions & 58 deletions
Some generated files are not rendered by default.

setup.py

Lines changed: 3 additions & 2 deletions
@@ -14,8 +14,9 @@
1414
version='0.20.0',
1515
url="https://github.com/Venafi/vcert-python",
1616
packages=['vcert', 'vcert.parser', 'vcert.policy'],
17-
install_requires=['requests==2.32.4', 'python-dateutil==2.8.2', 'six==1.17.0',
18-
'cryptography==45.0.7', 'ruamel.yaml==0.18.13', 'pynacl==1.5.0'],
17+
install_requires=['requests>=2.32.4', 'python-dateutil>=2.9.0.post0', 'six>=1.17.0',
18+
'cryptography>=48.0.1,<50', 'ruamel.yaml>=0.18.17,<0.19', 'pynacl>=1.6.2'],
19+
python_requires='>=3.9.2,<4',
1920
description='Python client library for CyberArk Certificate Manager, Self-Hosted and CyberArk Certificate Manager, SaaS.',
2021
long_description=long_description,
2122
long_description_content_type="text/markdown",
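Review bot: the upper bounds are applied inconsistently: `cryptography>=48.0.1,<50` and `ruamel.yaml>=0.18.17,<0.19` are capped, while `requests>=2.32.4`, `python-dateutil>=2.9.0.post0`, `six>=1.17.0` and `pynacl>=1.6.2` are open-ended, so a future major release of any of those four can be installed against a library that has only been tested up to the lockfile versions. Either cap them in the same style (`requests>=2.32.4,<3`, `pynacl>=1.6.2,<2`) or say in the commit message why only the two capped packages need protection. Using the `requirements.in` pins as the lower bounds is the right call, since those are the versions the lockfile actually exercises, and `python_requires='>=3.9.2,<4'` agrees with the `python:3.9-slim` base in the Dockerfile.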

vcert/pem.py

Lines changed: 1 addition & 1 deletion
@@ -110,7 +110,7 @@ def as_pkcs12(self, passphrase=None):
110110
p_key = serialization.load_pem_private_key(data=self.key.encode(), password=b_pass,
111111
backend=default_backend())
112112
except Exception as e:
113-
get_logger().error(msg=f"Error parsing Private Key: {e.message}")
113+
get_logger().error(msg=f"Error parsing Private Key: {str(e)}")
114114
return
115115

116116
name = random_word(10).encode()
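Review bot: the fix is correct in substance, since Python 3 exceptions have no `.message` attribute and the old `f"Error parsing Private Key: {e.message}"` raised `AttributeError` inside the `except` block, replacing the real parse failure with an unrelated traceback; `{str(e)}` is redundant in an f-string, though, as `{e}` formats identically. The handler then does a bare `return`, so `as_pkcs12` silently yields `None` on a bad key and every caller has to remember to check for it; consider re-raising after logging, or at least narrowing `except Exception` to the errors `load_pem_private_key` documents (`ValueError`, `TypeError`, `cryptography.exceptions.UnsupportedAlgorithm`) so programming errors are not swallowed. Unrelated to this change, `backend=default_backend()` has been optional in cryptography since 3.1 and can be dropped in a follow-up now that the floor is 48.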
