Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade back-end dependencies that have security vulnerabilities #3139

Merged
merged 3 commits into from Aug 9, 2019

Conversation

@caseycesari
Copy link
Member

caseycesari commented Aug 9, 2019

Overview

Upgrades back-end dependencies flagged by Github with security vulnerabilities.

Connects #3101

Notes

Ansible will be upgraded in a separate PR.

Testing Instructions

  • Run vagrant reload app services worker --reprovision
  • Run the local development services, visit the app, and verify it generally works.

Checklist

  • All JavaScript tests pass ./scripts/testem.sh
@caseycesari caseycesari requested a review from rajadain Aug 9, 2019
@caseycesari caseycesari changed the title Upgrade back-end dependencies with security vulnerabilities Upgrade back-end dependencies that have security vulnerabilities Aug 9, 2019
@rajadain rajadain added the WPF label Aug 9, 2019
@caseycesari caseycesari force-pushed the cpc/upgrade-backend-deps branch from 403fd7e to 3e183fe Aug 9, 2019
Copy link
Member

rajadain left a comment

+1 provisioned with these updates and tested Draw, Analyze, Monitor (with multiple catalogs), Model (with both models), Subbasin, and HydroShare Export. Everything is working as it should.

@rajadain rajadain assigned caseycesari and unassigned rajadain Aug 9, 2019
@caseycesari

This comment has been minimized.

Copy link
Member Author

caseycesari commented Aug 9, 2019

Thanks for the quick turnaround!

@caseycesari caseycesari merged commit 9dc4a2e into develop Aug 9, 2019
2 checks passed
2 checks passed
default Build finished.
Details
model-my-watershed-pull-requests Build #4080 succeeded in 9 min 23 sec
Details
@caseycesari caseycesari deleted the cpc/upgrade-backend-deps branch Aug 9, 2019
caseycesari added a commit that referenced this pull request Aug 9, 2019
In #3139, cryptography was upgraded from 2.1.4 to 2.2.1 to satisfy a
requirement of pyOpenSSL 19.0.0. However, upgrading to that version of
cryptography did not fix the security vulnerability, which was patched
in 2.3.1. The library is updated again here to remedy the vulnerability.

Refs #3101
@caseycesari caseycesari mentioned this pull request Aug 9, 2019
1 of 1 task complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.