Merge pull request #383 from GSA/stvnrlly/update-cryptography

Resolve pip-audit findings and update awscli & boto
GSA · Aug 3, 2023 · 3fd76d0 · 3fd76d0
2 parents 5d72286 + 6411098
commit 3fd76d0
Show file tree

Hide file tree

Showing 4 changed files with 138 additions and 116 deletions.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -118,7 +118,7 @@ jobs:
         env:
           SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
       - name: Run OWASP Baseline Scan
-        uses: zaproxy/action-api-scan@v0.1.1
+        uses: zaproxy/action-api-scan@v0.4.0
         with:
           docker_name: 'owasp/zap2docker-stable'
           target: 'http://localhost:6011/docs/openapi.yml'

diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml
@@ -80,7 +80,7 @@ jobs:
         env:
           SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
       - name: Run OWASP Baseline Scan
-        uses: zaproxy/action-api-scan@v0.1.1
+        uses: zaproxy/action-api-scan@v0.4.0
         with:
           docker_name: 'owasp/zap2docker-weekly'
           target: 'http://localhost:6011/docs/openapi.yml'

diff --git a/Pipfile b/Pipfile
@@ -10,14 +10,14 @@ arrow = "==1.2.3"
 asn1crypto = "==1.5.1"
 async-timeout = "==4.0.2"
 attrs = "==21.4.0"
-awscli = "==1.24.8"
+awscli = "~=1.24"
 bcrypt = "==3.2.2"
 beautifulsoup4 = "==4.12.2"
 billiard = "==3.6.4.0"
 bleach = "==4.1.0"
 blinker = "~=1.4"
-boto3 = "==1.23.8"
-botocore = "==1.26.8"
+boto3 = "~=1.23"
+botocore = "~=1.26"
 cachetools = "==5.1.0"
 celery = {version = "==5.2.7", extras = ["redis"]}
 certifi = ">=2022.12.7"