Safety scan detected old pycrypto
Closed this issue · 2 comments
amias-channer commented
- drHEADer version: 0.1.0
- Python version: 3.7
- Operating System: ubuntu-latest
Description
When running the safety scan as part of a build job, the following bad dependencies were detected:
Run python -m safety check
safety report
checked 79 packages, using default DB
---
-> pycrypto, installed 2.6.1, affected <=2.6.1, id 35015
-> cryptography, installed 2.1.4, affected >=1.9.0,<2.3, id 36351
##[error]Process completed with exit code 255.
It's interesting that the other tools didn't pick this up.
Fixes
We need to update these dependencies and check that code still works.
amias-channer commented
Initial testing on my branch has shown that I can fix the dependencies by adding
pycrypto>=2.6.1
cryptography>=2.3
pyopenssl >= 17.5.0
six >= 1.5.2
but pycrypto gets flagged and there is no new version
amias-channer commented
This turned out to be because the release action was missing the Python matrix setup that made it use version 3 Pythons; it defaulted to Python 2, which has dead versions.
This is now resolved. It has also shown that this will not build easily in Python 2 because of abandoned modules.
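Added example (not code from the drHEADer project or from the comments above): a small Python check over the report lines and pins quoted in this thread. It shows why a pycrypto>=2.6.1 floor cannot clear finding 35015, while cryptography>=2.3 does clear 36351. Function names are hypothetical, and the version parsing assumes plain dotted numeric versions.

```python
import operator
import re

# Constructed sample: the report lines and requirement pins quoted in this thread.
REPORT = """\
-> pycrypto, installed 2.6.1, affected <=2.6.1, id 35015
-> cryptography, installed 2.1.4, affected >=1.9.0,<2.3, id 36351
"""
PINS = ["pycrypto>=2.6.1", "cryptography>=2.3", "pyopenssl >= 17.5.0", "six >= 1.5.2"]

FINDING = re.compile(r"->\s*(\S+), installed (\S+), affected (.+), id (\d+)")
CLAUSE = re.compile(r"(<=|>=|==|<|>)\s*([\d.]+)")
PIN = re.compile(r"\s*([A-Za-z0-9_.-]+)\s*>=\s*([\d.]+)")
OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq,
       "<": operator.lt, ">": operator.gt}

def ver(text):
    """Parse a dotted numeric version; drop trailing zeros so 2.3 == 2.3.0."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def satisfies(version, spec):
    """True when version meets every comma-separated clause of spec."""
    return all(OPS[op](ver(version), ver(bound)) for op, bound in CLAUSE.findall(spec))

def parse_report(text):
    """Map package name -> (installed version, affected spec) for each finding."""
    return {m[1].lower(): (m[2], m[3]) for m in FINDING.finditer(text)}

def review_pins(report, pins):
    """For each '>=' pin return (floor_still_affected, installed_meets_pin),
    or None when the package has no finding in the report."""
    findings = parse_report(report)
    result = {}
    for pin in pins:
        name, floor = PIN.match(pin).groups()
        if name.lower() not in findings:
            result[name.lower()] = None
            continue
        installed, affected = findings[name.lower()]
        result[name.lower()] = (satisfies(floor, affected),
                                satisfies(installed, f">={floor}"))
    return result

if __name__ == "__main__":
    for name, verdict in review_pins(REPORT, PINS).items():
        print(name, verdict)
```

A first value of True means the lowest version the pin permits is itself inside the affected range, so raising the floor to that version cannot silence the finding.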