Upgrade back-end dependencies that have security vulnerabilities #3139

Merged
merged 3 commits into from
Aug 9, 2019


caseycesari
Member

Overview

Upgrades back-end dependencies flagged by GitHub with security vulnerabilities.

Connects #3101

Notes

Ansible will be upgraded in a separate PR.

Testing Instructions

  • Run vagrant reload app services worker --reprovision
  • Run the local development services, visit the app, and verify it generally works.

Checklist

  • All JavaScript tests pass ./scripts/testem.sh

@caseycesari caseycesari changed the title from "Upgrade back-end dependencies with security vulnerabilities" to "Upgrade back-end dependencies that have security vulnerabilities" Aug 9, 2019
@rajadain rajadain added the WPF Funding Source: William Penn Foundation label Aug 9, 2019
Member

@rajadain rajadain left a comment


+1 provisioned with these updates and tested Draw, Analyze, Monitor (with multiple catalogs), Model (with both models), Subbasin, and HydroShare Export. Everything is working as it should.

@rajadain rajadain assigned caseycesari and unassigned rajadain Aug 9, 2019
@caseycesari
Member Author

Thanks for the quick turnaround!

@caseycesari caseycesari merged commit 9dc4a2e into develop Aug 9, 2019
@caseycesari caseycesari deleted the cpc/upgrade-backend-deps branch August 9, 2019 19:37
caseycesari added a commit that referenced this pull request Aug 9, 2019
In #3139, cryptography was upgraded from 2.1.4 to 2.2.1 to satisfy a
requirement of pyOpenSSL 19.0.0. However, upgrading to that version of
cryptography did not fix the security vulnerability, which was patched
in 2.3.1. The library is updated again here to remedy the vulnerability.

Refs #3101
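
Added example (not part of this PR or the project's code): a check that compares pinned versions against the release that carries the fix, which would flag the 2.2.1 pin described in the commit message above. The requirements text is constructed, and the `PATCHED_FLOOR` mapping and all function names are this example's own assumptions; only the version numbers come from the page.

```python
import re

# Patched release named in the commit message above; the mapping is this example's own.
PATCHED_FLOOR = {"cryptography": "2.3.1"}

# Matches exact pins only, e.g. "cryptography==2.2.1  # comment".
PIN_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*==\s*(\d+(?:\.\d+)*)\s*(?:#.*)?$")


def sample_pins(cryptography_version):
    """Constructed requirements text (not the project's real file)."""
    return f"# constructed sample\npyOpenSSL==19.0.0\ncryptography=={cryptography_version}\n"


def normalize(name):
    """PEP 503 style normalization so 'PyOpenSSL' and 'pyopenssl' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version, width=4):
    """Numeric release versions only (e.g. 2.3.1); pads so 2.3 equals 2.3.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def unpatched_pins(requirements_text, floors=PATCHED_FLOOR):
    """Return (name, pinned, floor) for every tracked package below its floor.

    A tracked package with no exact '==' pin is reported with pinned=None,
    because the installed version cannot be verified from the file alone.
    """
    pinned = {}
    for line in requirements_text.splitlines():
        match = PIN_RE.match(line)
        if match:
            pinned[normalize(match.group(1))] = match.group(2)
    findings = []
    for name, floor in sorted(floors.items()):
        have = pinned.get(normalize(name))
        if have is None or version_key(have) < version_key(floor):
            findings.append((name, have, floor))
    return findings


if __name__ == "__main__":
    for version in ("2.1.4", "2.2.1", "2.3.1"):
        print(version, unpatched_pins(sample_pins(version)) or "ok")
```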
@caseycesari caseycesari mentioned this pull request Aug 9, 2019
1 task