nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.
GNU Affero General Public License v3.0

Remove constraint of cryptography < 39 #596

Closed jauderho closed 1 year ago

jauderho commented 1 year ago

Describe the bug: cryptography==38.0.4 is being flagged as being vulnerable. The recommended solution is to move to 39.x.

To Reproduce: See https://github.com/jauderho/dockerfiles/pull/1723

Expected behavior: Remove constraint in https://github.com/nabla-c0d3/sslyze/blob/4ec80a38c7be787e5d05576f0f9b92920bc370b2/setup.py#L102


eloquence commented 1 year ago

Hi @nabla-c0d3, do you have bandwidth to work on this or do you need help with it? This would unblock some dependency updates for us.

nabla-c0d3 commented 1 year ago

Fixed as part of v5.1.2.

@eloquence Hello! Which of your projects is using sslyze? Just curious.

eloquence commented 1 year ago

Thanks much @nabla-c0d3! We have a custom test suite that performs various config checks against our prod websites (in a private repo right now), and we also use pshtt (forked because it has its own set of dependency issues) as part of our landing page scanner for SecureDrop landing pages.