databrickslabs / dbx

🧱 Databricks CLI eXtensions - aka dbx is a CLI tool for development and advanced Databricks workflows management.
https://dbx.readthedocs.io

Allow higher versions of cryptography to prevent CVE-2023-50782 #861

Closed MartinRoth closed 3 months ago

MartinRoth commented 7 months ago

Expected Behavior

cryptography>=42.0.0 should be possible

Current Behavior

cryptography is pinned to < 42.0.0
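
The check behind this issue, whether a project's dependency specifier still admits the version that carries the fix, can be automated. The following is an added example and not dbx's own code: it parses requirements-style lines, evaluates a comma-separated specifier against a candidate version, and lists the pins that exclude it. Only the facts on this page are used (the pin was below 42.0.0 and 42.0.0 or later is needed); the lower bound `>=3.4`, the other packages and the file contents are constructed for illustration, and the comparison handles plain numeric release versions only, not the full PEP 440 grammar.

```python
"""Audit requirements-style pins for a package against the version that
ships a fix. Added example, not part of the dbx project.

Assumptions (not from the page): the lower bound '>=3.4', the other
packages in the sample lists, and that pins use the six plain comparison
operators below. Versions are compared numerically (PEP 440 pre-release
and local-version rules are not implemented)."""
import re
from typing import List, Optional, Tuple

# From the issue: the fix requires cryptography >= 42.0.0.
FIXED_VERSION = "42.0.0"

# Longest operators first so '<=' is not mistaken for '<'.
_OPS = ("<=", ">=", "==", "!=", "<", ">")

# name, optional [extras], then everything else is the specifier.
_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """'42.0.0' -> (42, 0, 0). Trailing non-numeric parts ('rc1') are cut off."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts) or (0,)


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Right-pad with zeros so (3, 4) compares as (3, 4, 0) against (42, 0, 0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def satisfies(version: str, specifier: str) -> bool:
    """True if `version` meets every clause of e.g. '>=3.4,<42.0.0'."""
    v = parse_version(version)
    for clause in specifier.split(","):
        clause = clause.strip()
        if not clause:
            continue
        op = next((o for o in _OPS if clause.startswith(o)), None)
        if op is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        a, b = _pad(v, parse_version(clause[len(op):]))
        ok = {"<": a < b, "<=": a <= b, ">": a > b,
              ">=": a >= b, "==": a == b, "!=": a != b}[op]
        if not ok:
            return False
    return True


def parse_requirement(line: str) -> Optional[Tuple[str, str]]:
    """'cryptography>=3.4,<42.0.0' -> ('cryptography', '>=3.4,<42.0.0')."""
    m = _REQ_LINE.match(line.strip())
    if not m:
        return None
    name, spec = m.group(1), m.group(2).strip()
    return name.lower().replace("_", "-"), spec


def blocking_pins(requirements: List[str], package: str, fixed_version: str) -> List[str]:
    """Return the requirement lines whose specifier for `package` excludes `fixed_version`."""
    blocked = []
    for raw in requirements:
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parsed = parse_requirement(line)
        if parsed is None:
            continue
        name, spec = parsed
        if name != package.lower() or not spec:
            continue  # unrelated package, or unconstrained (nothing blocks the fix)
        if not satisfies(fixed_version, spec):
            blocked.append(line)
    return blocked


def installed_is_fixed(fixed_version: str = FIXED_VERSION) -> Optional[bool]:
    """Check the cryptography actually importable here; None if it is not installed."""
    try:
        import cryptography  # real package; version attribute is public
    except ImportError:
        return None
    return satisfies(cryptography.__version__, f">={fixed_version}")


# Constructed sample files: the pin as the issue describes it, and the relaxed one.
PINNED_REQUIREMENTS = [
    "click>=8.0",
    "cryptography>=3.4,<42.0.0   # upper bound blocks the fixed release",
    "requests>=2.28",
]
RELAXED_REQUIREMENTS = [
    "click>=8.0",
    "cryptography>=42.0.0",
    "requests>=2.28",
]

if __name__ == "__main__":
    for label, reqs in (("pinned", PINNED_REQUIREMENTS), ("relaxed", RELAXED_REQUIREMENTS)):
        blocked = blocking_pins(reqs, "cryptography", FIXED_VERSION)
        verdict = "BLOCKS" if blocked else "allows"
        print(f"{label}: {verdict} cryptography {FIXED_VERSION} {blocked}")
    print("installed cryptography is fixed:", installed_is_fixed())
```

Run against a real `requirements.txt` by reading its lines into the list; an empty result from `blocking_pins` means the declared constraint is no longer what stops the upgrade, and `installed_is_fixed` tells you what the environment resolved to regardless of the declared pin.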

renardeinside commented 7 months ago

Hi Martin, working on that - thanks a lot for raising the issue!

henryhueske commented 3 months ago

Hi @renardeinside, what is the current status of the fix? The last release is now almost one year ago and the security issue has now been open for 4 months. Thanks for an update! Best, Henry

renardeinside commented 3 months ago

almost ready in #863

MartinRoth commented 3 months ago

Hi, is there anything we can do to help? It looks like the two checks are actually not executed ...

renardeinside commented 3 months ago

done, deployed with 0.8.19