Skip to content

python: cve: use latest cryptography and urllib3 #169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
ader1990 wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

python: cve: use latest cryptography and urllib3 #169

ader1990 wants to merge 1 commit into from

Conversation

@ader1990
Copy link
Member

@ader1990 ader1990 commented Aug 21, 2025

Change-Id: I4c1994ab7dc27f902aa51ac6945776c23f9ff2fd

@ader1990 ader1990 force-pushed the use_requirements_no_cve branch from d26a551 to cff4ebb Compare August 21, 2025 13:03
@ader1990
python: cve: use latest cryptography and urllib3
b406227 
Use:
https://raw.githubusercontent.com/openstack/requirements/7d16424510c49daa913fc20a6300427b72522231/upper-constraints.txt
as baseline and then change:

```
cryptography: 43.0.3 to 44.0.1
urllib3: 1.26.20 to 2.5.0
```

Fixes the below pip-audit failures:

```
Found 2 known vulnerabilities in 2 packages
------------ ------- ------------------- -------
cryptography 43.0.3  GHSA-79v4-65xg-pq4g 44.0.1
urllib3      1.26.20 GHSA-pq67-6m6q-mj2v 2.5.0
```

Change-Id: I4c1994ab7dc27f902aa51ac6945776c23f9ff2fd
Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
@ader1990 ader1990 force-pushed the use_requirements_no_cve branch from cff4ebb to b406227 Compare December 17, 2025 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ader1990