📖 Investigate updating python dependency in Control panel #6249

Open
4 tasks
Emterry opened this issue Dec 6, 2024 · 0 comments
Assignees
Labels
bug Something isn't working python Pull requests that update Python code story

Comments

@Emterry
Contributor

Emterry commented Dec 6, 2024

User Story

Investigate a fix or replacement for the dependency python-jose 3.3.0: https://github.com/ministryofjustice/analytics-platform-control-panel/blob/bb318f1409292e356b88619a7cbd4c267e20fe6c/requirements.txt#L34

Value / Purpose

This package was identified as a critical vulnerability by a trivy scan. Details found here: https://nvd.nist.gov/vuln/detail/CVE-2024-33664

Attempted to downgrade to 3.2.0, but this was also flagged by workflows as affected.
This dependency is abandonware, so no available fix at present.

Useful Contacts

No response

User Types

No response

Hypothesis

If we... [do a thing]
Then... [this will happen]

Proposal

No response

Additional Information

No response

Definition of Done

Example - [ ] Documentation has been written / updated

  • README has been updated
  • User docs have been updated
  • Another team member has reviewed
  • Tests are green
@Emterry Emterry added the story label Dec 6, 2024
@jacobwoffenden jacobwoffenden changed the title 📖 Investigate updating python dependancy in Control panel 📖 Investigate updating python dependency in Control panel Dec 6, 2024
@Emterry Emterry added bug Something isn't working python Pull requests that update Python code labels Dec 10, 2024
@jamesstottmoj jamesstottmoj self-assigned this Dec 19, 2024
@jamesstottmoj jamesstottmoj moved this from 👀 TODO to 🚀 In Progress in Analytical Platform Dec 19, 2024
@jamesstottmoj jamesstottmoj moved this from 🚀 In Progress to 🛂 In Review in Analytical Platform Dec 20, 2024
Projects
Status: 🛂 In Review
Development

No branches or pull requests

2 participants