
Bump the cryptography version to 42

Open brijesh-vora-sp opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe.
cryptography<42 package has some medium vulnerabilities. Example: https://scout.docker.com/vulnerabilities/id/CVE-2023-50782?s=github&n=cryptography&t=pypi&vr=%3C42.0.0&utm_source=desktop&utm_medium=ExternalLink

starlette and fastapi had some high vulnerabilities but that was recently bumped up and thanks to that, they are removed.

Describe the solution you'd like
Bump the cryptography package to >=42. Nice to have: bumping up of other compatible packages also.

brijesh-vora-sp • Feb 12 '24 22:02

snowflake-connector-python is blocking the bump https://github.com/snowflakedb/snowflake-connector-python/blob/v3.7.0/setup.cfg#L48

bushwhackr • Feb 15 '24 12:02

Back to this one, since snowflake connector is no longer blocking.

Should we set 42 as the lower bound for cryptography? @bushwhackr @tokoko

sudohainguyen • Feb 23 '24 10:02

No, I don't think so, let's leave it up to the users. Might get in the way of installing some other packages that people use with feast. Snowflake also bumped only the upper bound.

tokoko • Feb 23 '24 11:02

Thanks, guys. 👍

brijesh-vora-sp • Feb 28 '24 19:02