upgrade `cryptography` dependency?

Matatika / tap-google-sheets

tap-google-sheets, singer tap built with the Meltano SDK

GNU Affero General Public License v3.0

2 stars 9 forks source link

upgrade `cryptography` dependency? #19

Closed bdewilde closed 5 months ago

bdewilde commented 5 months ago

Hi! The version of cryptography pinned in your lockfile, v41.0.6, has a couple of CVEs against it that have since been patched:

CVE-2024-26130
CVE-2023-50782

Would it be possible to bump this dependency to v42.0.4, to mitigate these CVEs?

ReubenFrankel commented 5 months ago

Yep, I'll get on it now.

ReubenFrankel commented 5 months ago

Give that a go @bdewilde

bdewilde commented 5 months ago

all clear, @ReubenFrankel ! thanks very much for the quick fix.

edgarrmondragon commented 1 month ago

One of my hopes with https://github.com/meltano/sdk/pull/2525 is to save some maintainers from this unnecessary burden of addressing vulns for packages they don't even need :)