
Upgrade cryptography v46.0.7 -> v49.0.0 #1111

Open
acroca wants to merge 1 commit into dapr:main from acroca:upgrade-cryptography-dependency


@acroca (Member) commented Jun 30, 2026

Fix security alert: https://github.com/dapr/python-sdk/security/dependabot/56

Removed pyOpenSSL as a dependency, and used cryptography 49.0.0 directly for the small use case we had for pyOpenSSL.

@acroca acroca requested review from a team as code owners June 30, 2026 14:05
@acroca acroca requested a review from Copilot June 30, 2026 14:07
codecov Bot commented Jun 30, 2026
Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.08%. Comparing base (bffb749) to head (a475a7e).
⚠️ Report is 163 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1111      +/-   ##
==========================================
- Coverage   86.63%   82.08%   -4.55%     
==========================================
  Files          84      116      +32     
  Lines        4473     9578    +5105     
==========================================
+ Hits         3875     7862    +3987     
- Misses        598     1716    +1118     


Copilot AI (Contributor) left a comment

Pull request overview

This PR updates the dev/test dependency set to address a Dependabot security alert by upgrading cryptography and removing pyOpenSSL, switching the unit-test certificate generation code to use cryptography directly.

Changes:

  • Upgraded cryptography in the lockfile and removed pyOpenSSL from the resolved dependency graph.
  • Replaced pyOpenSSL-based certificate generation in tests with cryptography.x509 + cryptography.hazmat.
  • Updated pyproject.toml dev dependency list to remove pyOpenSSL and require cryptography.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| uv.lock | Updates resolved cryptography to 49.0.0 and removes pyopenssl from dev/test resolution. |
| tests/clients/certs.py | Migrates self-signed cert/key generation from pyOpenSSL to cryptography. |
| pyproject.toml | Removes pyOpenSSL from dev deps and updates the cryptography constraint. |


Comment thread pyproject.toml Outdated
@acroca acroca force-pushed the upgrade-cryptography-dependency branch from b5d6b6f to b91ea93 Compare June 30, 2026 14:15
Signed-off-by: Albert Callarisa <albert@diagrid.io>
@acroca acroca force-pushed the upgrade-cryptography-dependency branch from b91ea93 to a475a7e Compare June 30, 2026 14:24