Upgrade to cryptography 1.8 #4484

Merged
merged 1 commit into from Apr 5, 2017

nickstenning commented Apr 5, 2017

Upgrade to the latest cryptography, mainly to ensure that we're staying current with security-critical libraries.

In particular, we appear to have entirely missed that cryptography 1.5.3 contained a security fix for an issue with HKDF, which we use for key derivation (CVE-2016-9243).

Upgrade to cryptography 1.8
Upgrade to the latest cryptography, mainly to ensure that we're staying
current with security-critical libraries.

In particular, we appear to have entirely missed that cryptography 1.5.3
contained a security fix for an issue with HKDF, which we use for key
derivation (CVE-2016-9243).

nickstenning commented Apr 5, 2017

We can ignore the safety-ci status check here, as we can fix that in subsequent PRs.

codecov-io commented Apr 5, 2017

Codecov Report

Merging #4484 into master will not change coverage.
The diff coverage is n/a.

@@          Coverage Diff           @@
##           master   #4484   +/-   ##
======================================
  Coverage    94.6%   94.6%           
======================================
  Files         354     354           
  Lines       18859   18859           
  Branches     1088    1088           
======================================
  Hits        17842   17842           
  Misses        905     905           
  Partials      112     112

@chdorner

As mentioned in Slack, I've tested being logged in on master, then checked out this branch and installed the packages and made sure that I'm still logged in. 👍

@chdorner chdorner merged commit b41b33f into master Apr 5, 2017

6 of 7 checks passed

pyup.io/safety-ci: gevent 1.1.2 and html5lib 0.9999999 have known security vulnerabilities.
codecov/patch: Coverage not affected when comparing 3e900fe...d7ae1ed
codecov/project: 94.6% remains the same compared to 3e900fe
continuous-integration/jenkins/branch: This commit looks good
continuous-integration/travis-ci/pr: The Travis CI build passed
continuous-integration/travis-ci/push: The Travis CI build passed
hound: No violations found. Woof!

@chdorner chdorner deleted the upgrade-cryptography branch Apr 5, 2017
