Delete python-keyczar==0.716 #6078
Open
philipphomberger wants to merge 8 commits into StackStorm:master
Keyczar is deprecated. See: https://github.com/google/keyczar Critical Vulnerability: https://www.cve.org/CVERecord?id=CVE-2013-7459
arm4b
reviewed
Dec 1, 2023
| * Remove `distutils` dependencies across the project. #5992 | ||
| Contributed by @AndroxxTraxxon | ||
|
|
||
| * Remove deprecated not use dependencie `python-keyczar`. #6078 |
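Review bot: the added changelog entry on the last line has wording errors ("deprecated not use dependencie") and, unlike the `distutils` entry above it, carries no "Contributed by @..." line. Suggest "* Remove deprecated, unused dependency `python-keyczar`. #6078", followed by a "Contributed by" line for the author.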
arm4b (Member) left a comment:
This was indeed deprecated a while ago when we moved from keyczar to cryptography in 2018: #4165
Looks like there is a leftover in fixed-requirements.txt, which is not getting into requirements.txt and not being installed as part of stackstorm dependencies.
Still a good find and should be removed 👍
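The situation described in the comment above, a pin left in `fixed-requirements.txt` that nothing in `requirements.txt` refers to, can be detected mechanically. The following is an added example, not code from this PR or from StackStorm; the file contents are constructed samples, and `canonical`, `parse_names` and `stale_pins` are hypothetical helper names.

```python
import re

# Constructed sample contents (not StackStorm's real files).
FIXED = """\
# pinned versions
cryptography==41.0.6
python-keyczar==0.716
requests[security]==2.31.0 ; python_version >= "3.8"
PyYAML==6.0.1
"""
REQUIREMENTS = """\
cryptography
requests
pyyaml  # config parsing
-r extra.txt
"""

_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def canonical(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_names(text):
    """Map canonical project name -> requirement line.

    Comments, pip options (-r, -e, --hash ...) and URL/VCS requirements
    are skipped; extras, version specifiers and markers are ignored.
    """
    found = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line or line.startswith("-") or "://" in line:
            continue
        match = _NAME.match(line)
        if match:
            found[canonical(match.group(1))] = line
    return found


def stale_pins(fixed_text, requirements_text):
    """Return pinned lines whose project is never named in requirements."""
    used = parse_names(requirements_text)
    fixed = parse_names(fixed_text)
    return sorted(line for name, line in fixed.items() if name not in used)


if __name__ == "__main__":
    for pin in stale_pins(FIXED, REQUIREMENTS):
        print("pinned but never required:", pin)
```

A pin reported here is only a candidate for removal; a repository-wide search for imports of the package is still needed before deleting it.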
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
- https://snyk.io/vuln/SNYK-PYTHON-REDIS-5291195
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
…8df105fca856a48d [Snyk] Fix for 11 vulnerabilities
Philipp Homberger seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it.
cognifloyd
reviewed
Feb 19, 2024
Keyczar is deprecated.
See:
https://github.com/google/keyczar
Critical Vulnerability:
https://www.cve.org/CVERecord?id=CVE-2013-7459
I checked out the codebase and did not find this library still in use.
In requirements-pants.txt I found this information:
was in fixed-requirements.txt, but not in requirements-pants.txt
keyczar is used by a python2-only test.
#python-keyczar
So because Python 2 is not in use, I think this can be removed.
Please let me know if I am wrong. I am happy to learn.