Skip to content

Update cryptography dependency, add pytest and bump the package version to 3.4.0#107

Open
abhakash wants to merge 1 commit intoojarva:masterfrom
abhakash:updateCryptographyAndBumpMinVer
Open

Update cryptography dependency, add pytest and bump the package version to 3.4.0#107
abhakash wants to merge 1 commit intoojarva:masterfrom
abhakash:updateCryptographyAndBumpMinVer

Conversation

@abhakash
Copy link

@abhakash abhakash commented Jan 10, 2025
edited
Loading

Summary

The package version in PyPI is still dependent on ecdsa, which has a vulnerability CVE-2024-23342. The latest version was never published.
This change aims to upgrade the package version to 3.4.0 and upgrade other dependencies.

Changes in the PR

  1. Upgrade cryptography to 43.x . Since encode_point method is deprecated, switched to public_bytes method instead.
  2. Add pytest support for running tests. The init.py file is renamed to support pytest's *test.py format
  3. long(int) is not supported in Python3. int can handle long values
  4. Fixed Github Action run: upgraded actions version, added pytest, added ongoing python versions upto 3.13
  5. Fixed formatting as per yapf

Testing

Tests via pytest ran successfully.
Github CI run :
https://github.com/abhakash/python-sshpubkeys/actions/runs/12703787314

Let me know if any additional testing is required. Or if the package versioning should be changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abhakash