Open lbeaufort opened 1 month ago
David Heitzer commented: After doing some research, the solution may be to move to jwcrypto for all jwk/jws operations. This is what the [trussworks library|https://github.com/trussworks/logindotgov-oidc-py/blob/main/logindotgov/oidc.py] does and according to [pyopenssl|https://pypi.org/project/pyOpenSSL/], the cryptography library should be used instead where possible (this is what jwcrypto uses).
Shelly Wise commented: No QA review needed on this ticket.
Moved to Stage Ready.
Snyk links https://app.snyk.io/org/fecfile/project/e7c50dce-96a9-4313-818b-069a631aa5bc#issue-SNYK-PYTHON-PYOPENSSL-6157250 https://app.snyk.io/org/fecfile/project/e7c50dce-96a9-4313-818b-069a631aa5bc#issue-SNYK-PYTHON-PYOPENSSL-6149520 https://app.snyk.io/org/fecfile/project/e7c50dce-96a9-4313-818b-069a631aa5bc#issue-SNYK-PYTHON-PYOPENSSL-6592766
Introduced through josepy@1.14.0 › pyopenssl@24.2.1
We'll probably need to wait until a new version of
josepy
is released and https://github.com/certbot/josepy/issues/181 is resolved. This may have breaking changes. https://github.com/certbot/josepy/pull/182QA Notes
null
DEV Notes
null
Design
null
See full ticket and images here: FECFILE-1634