BB2-3161: Update Cryptography Dependency (#1185)

* Updated pinned versions and hashes to fix SNYK cryptography alert * Pinned minimal packages * Re-add trusted-host declarations (SSL fix, test to remove in the future) * Typo * make req-compile req-download to get vendor packages installed and dev requirements pip-compiled. * Removed old cryptography vendor file. * Updated pinned crypto version in Jenkinsfile * Specify setuptools for Jenkins issue. * Unpinned setuptools, localized to vendor for jenkins * Explicit wheel in vendor files * Added explicit Cython package * Removed backports wheel, since dependency is dropped * Resolve backports.zoneinfo issue * importlib-resources in requirements.txt files * Explicit add for pkgutil * Unpin additional requirements declarations * Update dockerfile pins --------- Co-authored-by: Logan Bertram <[email protected]>
CMSgov · Apr 10, 2024 · aefec0e · aefec0e
1 parent f906dd0
commit aefec0e
Show file tree

Hide file tree

Showing 20 changed files with 198 additions and 313 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -13,10 +13,10 @@ RUN pip install --upgrade pip-tools
 RUN pip install --upgrade setuptools --trusted-host pypi.python.org --trusted-host=files.pythonhosted.org
 RUN pip install backports.zoneinfo
 RUN pip install charset-normalizer==3.1.0
-RUN pip install cryptography==41.0.7
+RUN pip install cryptography==42.0.4
 RUN pip install debugpy==1.6.7 --trusted-host pypi.python.org --trusted-host=files.pythonhosted.org
 RUN pip install newrelic==8.8.0
 RUN pip install pillow==10.2.0
-RUN pip install pyyaml==6.0
+RUN pip install pyyaml==6.0.1
 RUN pip install wrapt==1.15.0
 RUN pip install -r requirements/requirements.dev.txt --no-index --find-links ./vendor/
diff --git a/Jenkinsfiles/Jenkinsfile.cbc-run-multi-pr-checks-w-selenium b/Jenkinsfiles/Jenkinsfile.cbc-run-multi-pr-checks-w-selenium
@@ -56,7 +56,7 @@ pipeline {
  python -m venv venv
  . venv/bin/activate
  pip install selenium pytest Flask Flask-WTF
- pip install cryptography==39.0.1
+ pip install cryptography==42.0.4
  make reqs-install-dev
  """
  }

diff --git a/requirements/requirements.dev.txt b/requirements/requirements.dev.txt
diff --git a/requirements/requirements.in b/requirements/requirements.in
@@ -11,10 +11,13 @@ django-filter
 django-axes
 
 # support
+backports.zoneinfo
 django-waffle
 django-storages
 python-dotenv
 jsonschema
+importlib-resources
+pkgutil-resolve-name
 requests
 urllib3
 requests_oauthlib

diff --git a/requirements/requirements.txt b/requirements/requirements.txt
diff --git a/vendor/Cython-0.29.37-py2.py3-none-any.whl b/vendor/Cython-0.29.37-py2.py3-none-any.whl
diff --git a/vendor/PyYAML-6.0.1.tar.gz b/vendor/PyYAML-6.0.1.tar.gz
diff --git a/vendor/backports.zoneinfo-0.2.1-cp38-cp38-manylinux1_x86_64.whl b/vendor/backports.zoneinfo-0.2.1-cp38-cp38-manylinux1_x86_64.whl
diff --git a/vendor/backports.zoneinfo-0.2.1.tar.gz b/vendor/backports.zoneinfo-0.2.1.tar.gz
diff --git a/vendor/charset_normalizer-3.1.0-py3-none-any.whl b/vendor/charset_normalizer-3.1.0-py3-none-any.whl
diff --git a/vendor/cryptography-41.0.7-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/vendor/cryptography-41.0.7-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
diff --git a/vendor/cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/vendor/cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
diff --git a/vendor/debugpy-1.6.7-py2.py3-none-any.whl b/vendor/debugpy-1.6.7-py2.py3-none-any.whl
diff --git a/vendor/django_ses-3.5.0-py3-none-any.whl b/vendor/django_ses-3.5.0-py3-none-any.whl
diff --git a/vendor/jwcrypto-1.5.6-py3-none-any.whl b/vendor/jwcrypto-1.5.6-py3-none-any.whl
diff --git a/vendor/newrelic-8.8.0.tar.gz b/vendor/newrelic-8.8.0.tar.gz
diff --git a/vendor/pillow-10.2.0.tar.gz b/vendor/pillow-10.2.0.tar.gz
diff --git a/vendor/setuptools-69.2.0-py3-none-any.whl b/vendor/setuptools-69.2.0-py3-none-any.whl
diff --git a/vendor/wheel-0.43.0-py3-none-any.whl b/vendor/wheel-0.43.0-py3-none-any.whl
diff --git a/vendor/wrapt-1.15.0-py3-none-any.whl b/vendor/wrapt-1.15.0-py3-none-any.whl