-
-
Notifications
You must be signed in to change notification settings - Fork 746
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Delete python-keyczar==0.716 #6078
base: master
Are you sure you want to change the base?
Conversation
Keyczar is deprecated. See: https://github.com/google/keyczar Critical Vunability: https://www.cve.org/CVERecord?id=CVE-2013-7459
@@ -82,6 +82,9 @@ Changed | |||
* Remove `distutils` dependencies across the project. #5992 | |||
Contributed by @AndroxxTraxxon | |||
|
|||
* Remove deprecated not use dependencie `python-keyczar`. #6078 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like there's a typo here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was indeed deprecated a while ago when we moved from keyczar
to cryptography
in 2018: #4165
Looks like there is a leftover in fixed-requirements.txt
, which is not getting into requirements.txt
and not being installed as part of stackstorm dependencies.
Still a good find and should be removed 👍
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192 - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044 - https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195 - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
…8df105fca856a48d [Snyk] Fix for 11 vulnerabilities
Philipp Homberger seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
Keyczar is deprecated.
See:
https://github.com/google/keyczar
Critical Vunability:
https://www.cve.org/CVERecord?id=CVE-2013-7459
I checkout the codebase and not find this libary is still in use.
In the requirements-pants.txt i find that information:
was in fixed-requirements.txt, but not in requirements-pants.txt
keyczar is used by a python2-only test.
#python-keyczar
So because Python 2 is not in use I think this can be remove.
Please let me know if I am wrong. I am happy to learn.