[December 2023] eRegs parsing requirements
tmpayton opened this issue · 1 comments
tmpayton commented
Take a look at Snyk vulnerabilities for requirements-parsing.txt and upgrade relevant packages to maintain the parsing tool.
Reference ticket: #812
Action Items:
- Check and document parsing requirements and upgrades in Snyk
- Run: snyk test --file=requirements-parsing.txt --package-manager=pip
Completion criteria:
- Upgrade vulnerable packages in requirements-parsing.txt
- Set up and parse 2023 regulations on local environment
- Parse eregs locally: https://github.com/fecgov/fec-eregs/wiki/Parse-regulations-on-local
- Create a new ticket to check for the month of January 2024
pkfec commented
Issues with no direct upgrade or patch:
✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294] in cryptography@41.0.6
introduced by cryptography@41.0.6 and 1 other path(s)
No upgrade or patch available
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975] in cryptography@41.0.6
introduced by cryptography@41.0.6 and 1 other path(s)
No upgrade or patch available