Update dependency cryptography to v44.0.1 [SECURITY] #764
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
requested review from
a team,
taurus-forever,
dragomirp,
marceloneppel and
lucasgameiroborges
and removed request for
a team
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #764 +/- ##
=======================================
Coverage 71.96% 71.96%
=======================================
Files 15 15
Lines 3474 3474
Branches 532 532
=======================================
Hits 2500 2500
Misses 845 845
Partials 129 129 ☔ View full report in Codecov by Sentry. |
renovate
bot
force-pushed
the
renovate/pypi-cryptography-vulnerability
branch
from
8ddac95 to
dff39e0
Compare
renovate
bot
force-pushed
the
renovate/pypi-cryptography-vulnerability
branch
from
dff39e0 to
5adfca5
Compare
renovate
bot
force-pushed
the
renovate/pypi-cryptography-vulnerability
branch
from
5adfca5 to
344be00
Compare
dragomirp
approved these changes
Feb 15, 2025
marceloneppel
approved these changes
Feb 15, 2025
dragomirp
added a commit
that referenced
this pull request
Mar 13, 2025
* Use `charmcraft test` & concierge (#762) * Update charmcraft.yaml build tools (#760) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [DPE-6020] Better promote-to-primary unit scope error handling (#759) * Bump libs * Flip default scope * Better action failure * Wrong attr * Revert scope * Bump libs * Handle async replica switchover * Unit tests * Bump cosl * Disable Nextcloud test (#767) * Update canonical/data-platform-workflows action to v30 (#770) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Use _promote_charm.yaml (#771) Use `charmcraft promote` and auto-generate release notes * [DPE-5827] Set all nodes to synchronous replicas (#672) * Set all nodes to synchronous replicas * Fix template var * Also change config patching * Update sync nodes during upgrade * Revert are_writes_increasing changes * Add back logging * Try without logs * Tactical sleep * Log removal error * Remove logs * Tweak replication test * Pass down unit * Wait for test app to idle * Add comment * Port config changes * Copy policy test * Fix import * Missed param removal * Unit test * Missing attr * Add logs * Add timeout to connection * Log conn str * Fix num of standbys * Charm fixture * Remove stepdown hook * Config description * Revert conn str * Add async scaling test * Typo * Don't remove standby and primary * Update dependency psutil to v7 (#772) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency cryptography to v44.0.1 [SECURITY] (#764) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update canonical/data-platform-workflows action to v30.0.2 (#765) * Update canonical/data-platform-workflows action to v30.0.2 * Update promote.yaml --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> * [DPE-6323] Handle missing stanza output (#727) * Handle missing stanza output * Update libs * Unit tests * Update canonical/has-signed-canonical-cla action to v2 (#773) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [MISC] Define charm constants (#774) * Lock file maintenance Python dependencies (#743) * Lock file maintenance Python dependencies * Backoff boto3 1.36 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dragomir Penev <dragomir.penev@canonical.com> * Update charmcraft.yaml build tools (#768) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update canonical/data-platform-workflows action to v30.1.3 (#776) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency uv to v0.6.3 (#780) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [MISC] Sanitize PostgreSQL extra-user-roles arg (#782) * [MISC] Fix PostgreSQL lib function signature (#786) * [MISC] Skip backup and subordinate tests without creds (#789) * Bump libs * Skip backup tests without creds * Skip subordinate tests * Update tests/integration/test_subordinates.py Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> --------- Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> * Update dependency jinja2 to v3.1.6 [SECURITY] (#788) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Disable cache * Reduce required approvals on Renovate pull requests by 1 (#787) * Sync docs from Discourse (#748) Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com> * Cleanup juju 2 tests * Linting * Integration test diffs * Try with series for ubuntu pro subordinate * Filter terminated units * Bump PG version * Disable pgaudit for timescale and postgis * Linting * Remove tests * Remove param for secrets * Linting * Idle when disabling pgaudit * Actually disable audit * Disable timescale in object test * Try to disable plugins between tests * Update canonical/data-platform-workflows action to v30.2.0 (#792) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Try to disable pgaudit in general --------- Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Sinclert Pérez <sinclert.perez@canonical.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
dragomirp
added a commit
that referenced
this pull request
Mar 19, 2025
* WIP: enable pg_tracing * adapt render patroni function * Move pg_tracing conf to the correct location * fix lint and unit tests * use ubuntu 24.04 as base * fix issues + revert base to jammy * fix queries for plugin testing * downgrade psycopg2 version * update lock file * update psycopg2-binary too * revery psycopg2 versions and add ssl params * revert lock * use noble as base * use different workflow version * remove cache * edit plugin * fix integration tests * revert pgtracing config + add new snaps * try fixes * try new fixes * try fixing restart * try catching reload errors * adapt test_subordinates to remove ubuntu pro charm * try use newer branch for workflow * fix lock hash * use new branch for plugin too * remove old refs to pg 14 * specify cc version 3 on release workflow * remove juju 2.9 + refactor release workflow * remove libjuju constraint * fix release too * use new charm + small adjustments * fix lock file * fix build_charm issue * remove base from deploy calls * nits * Use `charmcraft test` & concierge (#762) * Update charmcraft.yaml build tools (#760) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [DPE-6020] Better promote-to-primary unit scope error handling (#759) * Bump libs * Flip default scope * Better action failure * Wrong attr * Revert scope * Bump libs * Handle async replica switchover * Unit tests * Bump cosl * Disable Nextcloud test (#767) * Update canonical/data-platform-workflows action to v30 (#770) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Use _promote_charm.yaml (#771) Use `charmcraft promote` and auto-generate release notes * [DPE-5827] Set all nodes to synchronous replicas (#672) * Set all nodes to synchronous replicas * Fix template var * Also change config patching * Update sync nodes during upgrade * Revert are_writes_increasing changes * Add back logging * Try without logs * Tactical sleep * Log removal error * Remove logs * Tweak replication test * Pass down unit * Wait for test app to idle * Add comment * Port config changes * Copy policy test * Fix import * Missed param removal * Unit test * Missing attr * Add logs * Add timeout to connection * Log conn str * Fix num of standbys * Charm fixture * Remove stepdown hook * Config description * Revert conn str * Add async scaling test * Typo * Don't remove standby and primary * Update dependency psutil to v7 (#772) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency cryptography to v44.0.1 [SECURITY] (#764) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update canonical/data-platform-workflows action to v30.0.2 (#765) * Update canonical/data-platform-workflows action to v30.0.2 * Update promote.yaml --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> * [DPE-6323] Handle missing stanza output (#727) * Handle missing stanza output * Update libs * Unit tests * Update canonical/has-signed-canonical-cla action to v2 (#773) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [MISC] Define charm constants (#774) * Lock file maintenance Python dependencies (#743) * Lock file maintenance Python dependencies * Backoff boto3 1.36 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dragomir Penev <dragomir.penev@canonical.com> * Update charmcraft.yaml build tools (#768) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update canonical/data-platform-workflows action to v30.1.3 (#776) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency uv to v0.6.3 (#780) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [MISC] Sanitize PostgreSQL extra-user-roles arg (#782) * [MISC] Fix PostgreSQL lib function signature (#786) * [MISC] Skip backup and subordinate tests without creds (#789) * Bump libs * Skip backup tests without creds * Skip subordinate tests * Update tests/integration/test_subordinates.py Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> --------- Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> * Update dependency jinja2 to v3.1.6 [SECURITY] (#788) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Reduce required approvals on Renovate pull requests by 1 (#787) * Sync docs from Discourse (#748) Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com> * Update canonical/data-platform-workflows action to v30.2.0 (#792) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency uv to v0.6.5 (#785) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Pg 16 sync main (#793) * Use `charmcraft test` & concierge (#762) * Update charmcraft.yaml build tools (#760) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [DPE-6020] Better promote-to-primary unit scope error handling (#759) * Bump libs * Flip default scope * Better action failure * Wrong attr * Revert scope * Bump libs * Handle async replica switchover * Unit tests * Bump cosl * Disable Nextcloud test (#767) * Update canonical/data-platform-workflows action to v30 (#770) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Use _promote_charm.yaml (#771) Use `charmcraft promote` and auto-generate release notes * [DPE-5827] Set all nodes to synchronous replicas (#672) * Set all nodes to synchronous replicas * Fix template var * Also change config patching * Update sync nodes during upgrade * Revert are_writes_increasing changes * Add back logging * Try without logs * Tactical sleep * Log removal error * Remove logs * Tweak replication test * Pass down unit * Wait for test app to idle * Add comment * Port config changes * Copy policy test * Fix import * Missed param removal * Unit test * Missing attr * Add logs * Add timeout to connection * Log conn str * Fix num of standbys * Charm fixture * Remove stepdown hook * Config description * Revert conn str * Add async scaling test * Typo * Don't remove standby and primary * Update dependency psutil to v7 (#772) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency cryptography to v44.0.1 [SECURITY] (#764) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update canonical/data-platform-workflows action to v30.0.2 (#765) * Update canonical/data-platform-workflows action to v30.0.2 * Update promote.yaml --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> * [DPE-6323] Handle missing stanza output (#727) * Handle missing stanza output * Update libs * Unit tests * Update canonical/has-signed-canonical-cla action to v2 (#773) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [MISC] Define charm constants (#774) * Lock file maintenance Python dependencies (#743) * Lock file maintenance Python dependencies * Backoff boto3 1.36 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dragomir Penev <dragomir.penev@canonical.com> * Update charmcraft.yaml build tools (#768) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update canonical/data-platform-workflows action to v30.1.3 (#776) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency uv to v0.6.3 (#780) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [MISC] Sanitize PostgreSQL extra-user-roles arg (#782) * [MISC] Fix PostgreSQL lib function signature (#786) * [MISC] Skip backup and subordinate tests without creds (#789) * Bump libs * Skip backup tests without creds * Skip subordinate tests * Update tests/integration/test_subordinates.py Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> --------- Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> * Update dependency jinja2 to v3.1.6 [SECURITY] (#788) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Disable cache * Reduce required approvals on Renovate pull requests by 1 (#787) * Sync docs from Discourse (#748) Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com> * Cleanup juju 2 tests * Linting * Integration test diffs * Try with series for ubuntu pro subordinate * Filter terminated units * Bump PG version * Disable pgaudit for timescale and postgis * Linting * Remove tests * Remove param for secrets * Linting * Idle when disabling pgaudit * Actually disable audit * Disable timescale in object test * Try to disable plugins between tests * Update canonical/data-platform-workflows action to v30.2.0 (#792) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Try to disable pgaudit in general --------- Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Sinclert Pérez <sinclert.perez@canonical.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Dual branch configs * Revert lib changes * Remove legacy rels * Restore pydantic rule * Remove legacy rels metadata * Remove manual dispatch * Create schema to test admin user privileges * Cleanup markers * Workaround for cluster restore test * Promote permadiff * Apply suggestions from code review Co-authored-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com> * Bump snaps --------- Co-authored-by: Shayan Patel <shayan.patel@canonical.com> Co-authored-by: Lucas Gameiro Borges <lucas.borges@canonical.com> Co-authored-by: Carl Csaposs <carl.csaposs@canonical.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dragomir Penev <6687393+dragomirp@users.noreply.github.com> Co-authored-by: Sinclert Pérez <sinclert.perez@canonical.com> Co-authored-by: Dragomir Penev <dragomir.penev@canonical.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
44.0.0->44.0.1GitHub Vulnerability Alerts
CVE-2024-12797
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt.
If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
Release Notes
pyca/cryptography (cryptography)
v44.0.1Compare Source
Configuration
📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.