Wazuh-QA Dependant-bot suggests to merge Cryptography bump PR from 3.3.2 to 41.0.6

wazuh / wazuh-qa

Wazuh - Quality Assurance

GNU General Public License v2.0

60 stars 30 forks source link

Wazuh-QA Dependant-bot suggests to merge Cryptography bump PR from 3.3.2 to 41.0.6 #5273

Open pro-akim opened 2 weeks ago

pro-akim commented 2 weeks ago

Alert in Wazuh-QA Dependant-bot was found:

It seems that by merging the mentioned PR, cryptography vulnerabilities will disappear

[ ] Analyze the convenience of its implementation
[ ] Evaluate risks
[ ] merge if it is correct

rauldpm commented 1 week ago

The bot created the original PR on Nov 28, 2023, this issue has not been worked on in a long time, we need to work on it but we have other issues with higher priorities, I propose adding the issue to the qa_known label and address it in the future