Closed JensMadsen closed 1 year ago
There's an open PR on it but not much movement: https://github.com/talkiq/gcloud-aio/pull/562
We've manually force upgraded cyptography
after installing our other dependencies and v39.0.1 does work fine for our workload.
Fixed and releasing in gcloud-*-auth v4.1.6
.
Sorry for the crazy delay, maintaining this repo with python2.7 support, given how the PyPA folks keep tearing out backwards compatibility, is becoming a giant time suck. Hopefully we can drop that support soon and get this repo into a better place!
This CVE https://github.com/advisories/GHSA-x4qr-2fvf-3mr5 and https://www.openssl.org/news/secadv/20221213.txt
I looked into submitting a PR myself but you explicitly specify a range of valid cryptography versions so I am not sure what to do.
The cryptography package should be upgraded to v39.0.1