Desired Outcome
There is a new CVE in the Python 'cryptography' library, which is used in conjur-api-python and cyberark-conjur-cli (the Python-based CLI). This is being flagged by Dependabot. While the affected function is not used in our code, we should still update the package version to avoid both false-positive security scans and the remote chance that another library we use calls this function.
Implemented Changes
Updated cryptography to 42.0.5
Updated aiohttp to 3.9.3
Updated pyopenssl to 24.0.0
Include async-timeout at 4.0.3
Updated docker compose syntax for V2
Updated project Python to 3.11
Connected Issue/Story
CyberArk internal issue ID: CONJSE-1844
Definition of Done
At least 1 todo must be completed in the sections below for the PR to be
merged.
Changelog
[ ] The CHANGELOG has been updated, or
[ ] This PR does not include user-facing changes and doesn't require a
CHANGELOG update
Test coverage
[ ] This PR includes new unit and integration tests to go with the code
changes, or
[ ] The changes in this PR do not require tests
Documentation
[ ] Docs (e.g. READMEs) were updated in this PR
[ ] A follow-up issue to update official docs has been filed here: [insert issue ID]
[ ] This PR does not require updating any documentation
Behavior
[ ] This PR changes product behavior and has been reviewed by a PO, or
[ ] These changes are part of a larger initiative that will be reviewed later, or
[ ] No behavior was changed with this PR
Security
[ ] Security architect has reviewed the changes in this PR,
[ ] These changes are part of a larger initiative with a separate security review, or
[ ] There are no security aspects to these changes