Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bumping cryptography (pip-audit warning) #565

Merged
merged 5 commits into from
Sep 10, 2024
Merged

chore: bumping cryptography (pip-audit warning) #565

merged 5 commits into from
Sep 10, 2024

Conversation

aorumbayev
Copy link
Collaborator

@aorumbayev aorumbayev commented Sep 9, 2024
edited
Loading

Currently blocked due to auth0/auth0-python#627.

@aorumbayev
Copy link
Collaborator Author

@neilcampbell we can either:

  1. Move the related abstractions (its just 2 classes that we rely on in this package around JWT validation) - we can remove dependency on auth0 completely (it was known to cause similar issues for at least twice over past year)
  2. Wait for this to be addressed on auth0 package, looks like issue 627 has a lot of folks pushing for resolution
  3. Ignore the warning on pip audit side and apply 2 as soon as the fix is available.

What do you think ?

@neilcampbell
Copy link
Contributor

@aorumbayev If we can remove the dependency easily, then maybe that's a good way forward.

@aorumbayev
Copy link
Collaborator Author

@neilcampbell moved auth0 specific depenendcies to _vendor folder inside core, header include ref to file and ref commit. Let me know what you think

@neilcampbell
Copy link
Contributor

@aorumbayev Nice. Assuming you've checked the testnet dispenser features are all working as expected?

@github-actions GitHub Actions
Copy link

Coverage

Coverage Report
FileStmtsMissCoverMissing
src/algokit
   __init__.py15753%6–13, 17–24, 32–34
   __main__.py440%1–7
src/algokit/cli
   __init__.py47394%31–34
   codespace.py50982%28, 114, 137, 150–155
   completions.py108992%63–64, 83, 93–99
   dispenser.py121199%77
   doctor.py53394%146–148
   explore.py631576%35–40, 42–47, 85–92, 113
   generate.py70396%76–77, 155
   goal.py47198%79
   init.py3102492%491–492, 497–498, 501, 522, 525–527, 538, 542, 600, 626, 655, 688, 697–699, 702–707, 720, 739, 751–752
   localnet.py1523279%65, 86–113, 133–137, 170, 182, 197–207, 220, 271, 292–293
   task.py34391%25–28
src/algokit/cli/common
   utils.py37295%137, 139
src/algokit/cli/project
   bootstrap.py32197%33
   deploy.py1172083%47, 49, 102, 125, 147–149, 270, 277, 291–299, 302–311
   link.py891682%60, 65–66, 101–105, 115–120, 148–149, 218–219, 223
   list.py33585%21–23, 51–56
   run.py46296%38, 174
src/algokit/cli/tasks
   analyze.py81199%81
   assets.py821384%65–66, 72, 74–75, 105, 119, 125–126, 132, 134, 136–137
   ipfs.py51884%52, 80, 92, 94–95, 105–107
   mint.py1061586%51, 73, 100–103, 108, 113, 131–132, 158, 335–339
   send_transaction.py651085%52–53, 57, 89, 158, 170–174
   sign_transaction.py59886%21, 28–30, 71–72, 109, 123
   transfer.py39392%26, 90, 117
   utils.py1144660%29–37, 43–46, 78–79, 103–104, 128–136, 155–165, 212, 261–262, 282–293, 300–302, 324
   vanity_address.py561082%41, 45–48, 112, 114, 121–123
   wallet.py79495%21, 66, 136, 162
src/algokit/core
   codespace.py1756861%34–37, 41–44, 48–71, 111–112, 125–133, 191, 200–202, 210, 216–217, 229–236, 251–298, 311–313, 338–344, 348, 395
   conf.py57984%12, 24, 28, 36, 38, 73–75, 80
   dispenser.py2022687%92, 124–125, 142–150, 192–193, 199–201, 219–220, 260–261, 319, 333–335, 346–347, 357, 370, 385
   doctor.py65789%67–69, 92–94, 134
   generate.py50394%44, 85, 103
   goal.py65494%21, 36–37, 47
   init.py671085%53, 57–62, 70, 81, 88, 108–109
   log_handlers.py68790%50–51, 63, 112–116, 125
   proc.py45198%99
   sandbox.py2632391%32, 89–92, 97, 101–103, 153, 201–208, 219, 590, 606, 631, 639
   typed_client_generation.py1702088%62–64, 103–108, 132, 135–138, 156, 159–162, 229, 232–235
   utils.py1504073%50–51, 57–69, 125–131, 155, 158, 164–177, 206–208, 237–240, 262
src/algokit/core/_vendor/auth0/authentication
   token_verifier.py15711129%17, 46, 59, 74–86, 99–108, 120–125, 137–138, 141, 171, 179–181, 191–200, 207–214, 228–237, 259, 281–288, 315–324, 334–445
src/algokit/core/compilers
   python.py28582%19–20, 25, 49–50
src/algokit/core/config_commands
   container_engine.py412149%24, 29–31, 47–76
   version_prompt.py921485%37–38, 68, 87–90, 108, 118–125, 148
src/algokit/core/project
   __init__.py53394%50, 86, 145
   bootstrap.py120893%47, 126–127, 149, 176, 207–209
   deploy.py69987%108–111, 120–122, 126, 131
   run.py1321390%83, 88, 97–98, 133–134, 138–139, 143, 147, 277–278, 293
src/algokit/core/tasks
   analyze.py93397%105–112, 187
   ipfs.py63789%58–64, 140, 144, 146, 152
   nfd.py491373%25, 31, 34–41, 70–72, 99–101
   vanity_address.py903462%49–50, 54, 59–75, 92–108, 128–131
   wallet.py71593%37, 129, 155–157
src/algokit/core/tasks/mint
   mint.py74988%123–133
   models.py921782%50, 52, 57, 71–74, 81–90
TOTAL491376884% 

Tests Skipped Failures Errors Time
499 0 💤 0 ❌ 0 🔥 24.235s ⏱️

@aorumbayev aorumbayev merged commit a9147f5 into main Sep 10, 2024
14 checks passed
@aorumbayev aorumbayev deleted the chore/pip-audit branch September 10, 2024 12:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neilcampbell neilcampbell neilcampbell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aorumbayev @neilcampbell