fecgov / fecfile-web-api

Back-end API for FECfile application

[Snyk] Specify version for authlib #973

Closed exalate-issue-sync[bot] closed 1 month ago

exalate-issue-sync[bot] commented 1 month ago

Snyk is reporting a vulnerability in the authlib package in the requirements-test.txt file. This package is being brought in as a dependency of another package. Specify a version for authlib of at least 1.3.1 in order to resolve this vulnerability.

QA Notes

Unit tests should be passing.

DEV Notes

null

Design

null

FECFILE-1487
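The check this ticket asks for can be kept from regressing with a small script run in CI. The following is an added example, not code from the fecfile-web-api repository: the function names and the sample requirement lines are constructed for illustration, and only the package name and the 1.3.1 floor come from the issue.

```python
import re

FLOOR = (1, 3, 1)  # minimum authlib version named in the issue

# Constructed sample: authlib is absent because it arrives only transitively.
BEFORE = "pytest==8.2.0\nexample-parent-package==2.0.0\n"
# Constructed sample: the same file with an explicit floor added.
AFTER = BEFORE + "Authlib>=1.3.1  # explicit floor for a transitive dependency\n"

NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
SPEC = re.compile(r"(==|>=|~=|<=|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")


def normalize(name):
    # PEP 503: names compare case-insensitively, with -, _ and . equivalent
    return re.sub(r"[-_.]+", "-", name).lower()


def version_tuple(text):
    # Numeric release segments only, enough for versions such as 1.3.1
    return tuple(int(part) for part in text.split("."))


def check_floor(requirements_text, package="authlib", floor=FLOOR):
    """Return 'ok', 'too-low' or 'unpinned' for `package`."""
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        line = line.split(";", 1)[0].strip() # drop environment markers
        if not line or line.startswith("-"): # blank lines, options such as -r
            continue
        match = NAME.match(line)
        if not match or normalize(match.group(1)) != normalize(package):
            continue
        # Only ==, >= and ~= are counted as setting a lower bound here;
        # any other operator is conservatively treated as no floor.
        lower = [version_tuple(v) for op, v in SPEC.findall(match.group(2))
                 if op in ("==", ">=", "~=")]
        if not lower:
            return "unpinned"
        return "ok" if max(lower) >= floor else "too-low"
    # No entry at all: the resolver is free to pick any version.
    return "unpinned"


if __name__ == "__main__":
    print("before:", check_floor(BEFORE))
    print("after: ", check_floor(AFTER))
```
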

exalate-issue-sync[bot] commented 1 month ago

Matt Travers commented: Unit tests pass:

https://app.circleci.com/pipelines/github/fecgov/fecfile-web-api/3946/workflows/7ec47400-cb3e-463d-8cc5-5fae72e66107/jobs/11885

[Screenshot: image-20240717-205516.png]

exalate-issue-sync[bot] commented 1 month ago

Matt Travers commented: Passes CR. Sending to QA.

exalate-issue-sync[bot] commented 1 month ago

Matt Travers commented: Screenshot of configuration file showing version of authlib being used:

[Screenshot: image-20240718-132707.png]

exalate-issue-sync[bot] commented 1 month ago

Shelly Wise commented: QA review verified with DEV Unit Test passing for this ticket. Verified configuration file showing version authlib 1.3.1 (see below DEV screenshot)

QA Review Completed. Moved to Stage Ready.

exalate-issue-sync[bot] commented 1 month ago

akhorsand commented: Accepted by Paul Clark at 7/30/24 sprint review.