We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@cgreene received the following notice:
Project Cognoma organization Warning! cognoma / core-service Known security vulnerabilities detected Dependency pycrypto Version <=2.6.1 Vulnerabilities CVE-2018-6594 Moderate severity Defined in requirements.txt
It seems like this could be as simple as updating pycrypto and redeploying.
The text was updated successfully, but these errors were encountered:
Looks like the fix is to replace pycrypto with pycryptodome: pycrypto/pycrypto#253 (comment)
Sorry, something went wrong.
It looks like it might only be listed as dependency and not actually used:
kurt@kurtputer:~/Development/cognoma/core-service$ ggrep pycrypto requirements.txt:32:pycrypto==2.6.1 kurt@kurtputer:~/Development/cognoma/core-service$ ggrep Crypto requirements.txt:6:cryptography==1.5.2 requirements.txt:32:pycrypto==2.6.1
However it's hard to tell if it's actually being used by another dependency...
No branches or pull requests
@cgreene received the following notice:
It seems like this could be as simple as updating pycrypto and redeploying.
The text was updated successfully, but these errors were encountered: