Dependabot alert for cryptography v38

Problem: cryptography dependency has security vulnerabilities CVE-2023-0286 High severity CVE-2023-23931 Moderate severity Solution: Upgrade cryptography to v41.0. Fixes AB#7856 Signed-off-by: Paul Hewlett <[email protected]>
datatrails · May 31, 2023 · 3efac7a · 3efac7a
1 parent e14c48b
commit 3efac7a
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/archivist_samples/signed_records/main.py b/archivist_samples/signed_records/main.py
@@ -63,7 +63,7 @@ def load_keys(asset_name):
         privkey_pem = privkeyfile.read().strip()
 
     backend = backends.default_backend()
-    private_key = backend.load_pem_private_key(privkey_pem, password=None)
+    private_key = backend.load_pem_private_key(privkey_pem, None, False)
     public_key = private_key.public_key()
 
     return private_key, public_key

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,3 @@
-# TODO: this version is subject to a security alert but
-# upgrading requires code changes.
-cryptography~=38.0
+cryptography~=41.0.0
 rkvst-archivist==0.22.0
 pyyaml~=6.0