freedomofpress / securethenews

An automated scanner and web dashboard for tracking TLS deployment across news organizations
https://securethe.news
GNU Affero General Public License v3.0

Updates cryptography, lxml and djangorestframework dependencies #289

Closed SaptakS closed 3 years ago

SaptakS commented 3 years ago

cryptography is only updated in Pipfile.lock. In requirements, cryptography is a dependency of pyopenssl and sslyze. Even though pyopenssl's latest version has a >=2.8 for cryptography, the sslyze version that we are using (because pshtt is not compatible with more updated versions of sslyze) has a pinned dependency on ==2.5 of cryptography. Not sure there is a good solution for it.

SaptakS commented 3 years ago

Removing the cryptography update from Pipfile fixes the CI failures, since pipenv is used in CI and the cryptography version was mismatching. @harrislapiroff should I add an ignore for now? I feel we will eventually have to address this.

harrislapiroff commented 3 years ago

Add an ignore for now. Is there an upstream issue in pshtt that we can nag someone about?

SaptakS commented 3 years ago

https://github.com/cisagov/pshtt/issues/209 and https://github.com/cisagov/pshtt/pull/211 seem to be addressed towards the incompatibility between the updated version of sslyze and pshtt, which caused them to pin the dependency version number.