Santandersecurityresearch/DrHeader

safety scan detected old pycrypto

Closed this issue · 2 comments

  • drHEADer version: 0.1.0
  • Python version: 3.7
  • Operating System: ubuntu-latest

Description

When running the safety scan as part of a build job, the following bad dependencies were detected:

Run python -m safety check
safety report
checked 79 packages, using default DB
---
-> pycrypto, installed 2.6.1, affected <=2.6.1, id 35015
-> cryptography, installed 2.1.4, affected >=1.9.0,<2.3, id 36351
##[error]Process completed with exit code 255.

It's interesting that the other tools didn't pick this up.

Fixes

We need to update these dependencies and check that code still works.

Initial testing on my branch has shown that I can fix the dependencies by adding

pycrypto>=2.6.1
cryptography>=2.3
pyopenssl >= 17.5.0
six >= 1.5.2

but pycrypto gets flagged and there is no new version.

This turned out to be because the release action was missing the Python matrix setup that made it use version 3 Pythons; it defaulted to Python 2, which has dead versions.

This is now resolved. It has also shown that this will not build easily in Python 2 because of abandoned modules.
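The pins proposed in the issue, checked against the affected ranges in the safety report, as an added example that is not code from DrHeader or from the safety tool; it assumes plain dotted-integer versions and the simple `>=`/`<`/`<=`/`>` specifier grammar the report uses.

```python
# Added example (not DrHeader code): parse the safety findings quoted above
# and check whether a proposed ">=" pin actually escapes the affected range.
import re

_OPS = {"<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
        "<": lambda a, b: a < b, ">": lambda a, b: a > b}

def parse_version(s):
    # Dotted integers; trailing zeros dropped so '2.3' compares equal to '2.3.0'
    parts = [int(p) for p in s.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_specifiers(spec):
    """'>=1.9.0,<2.3' -> [('>=', (1, 9)), ('<', (2, 3))]"""
    out = []
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|<|>)\s*([0-9.]+)\s*", clause)
        if not m:
            raise ValueError("unsupported specifier: %r" % clause)
        out.append((m.group(1), parse_version(m.group(2))))
    return out

def is_affected(version, affected):
    return all(_OPS[op](version, bound) for op, bound in affected)

def parse_safety_line(line):
    """One '-> pkg, installed X, affected SPEC, id N' report line."""
    m = re.match(r"->\s*(\S+), installed (\S+), affected (\S+), id (\d+)", line)
    return {"package": m.group(1), "installed": parse_version(m.group(2)),
            "affected": parse_specifiers(m.group(3)), "id": m.group(4)}

def pin_closes_finding(pin, finding):
    """A '>=' pin only helps if its lower bound (the oldest version pip may
    still choose) is outside the affected range (assumed bounded above)."""
    m = re.fullmatch(r"\s*(\S+?)\s*>=\s*([0-9.]+)\s*", pin)
    if not m or m.group(1) != finding["package"]:
        raise ValueError("pin does not match finding: %r" % pin)
    return not is_affected(parse_version(m.group(2)), finding["affected"])

# Constructed from the report lines and the pins quoted in the issue.
REPORT = ["-> pycrypto, installed 2.6.1, affected <=2.6.1, id 35015",
          "-> cryptography, installed 2.1.4, affected >=1.9.0,<2.3, id 36351"]
PINS = {"pycrypto": "pycrypto>=2.6.1", "cryptography": "cryptography>=2.3"}

def review(report=REPORT, pins=PINS):
    """{package: (flagged_now, closed_by_pin)} for every finding."""
    return {f["package"]: (is_affected(f["installed"], f["affected"]),
                           pin_closes_finding(pins[f["package"]], f))
            for f in map(parse_safety_line, report)}
```

`review()` reports that `cryptography>=2.3` steps out of the affected range while `pycrypto>=2.6.1` still admits the flagged 2.6.1, which is why that pin alone cannot make the finding go away.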