@abhakash abhakash commented Jan 10, 2025

Summary

The package version in PyPI is still dependent on ecdsa, which has a vulnerability CVE-2024-23342. The latest version was never published.
This change aims to upgrade the package version to 3.4.0 and upgrade other dependencies.

Changes in the PR

  1. Upgrade cryptography to 43.x. Since the encode_point method is deprecated, switched to the public_bytes method instead.
  2. Add pytest support for running tests. The init.py file is renamed to support pytest's *test.py format.
  3. long(int) is not supported in Python 3. int can handle long values.
  4. Fixed GitHub Action run: upgraded actions version, added pytest, added ongoing Python versions up to 3.13.
  5. Fixed formatting as per yapf.

Testing

Tests via pytest ran successfully.
GitHub CI run:
https://github.com/abhakash/python-sshpubkeys/actions/runs/12703787314

Let me know if any additional testing is required. Or if the package versioning should be changed.
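
The encode_point to public_bytes switch from item 1, as an added example that is not code from this PR or from sshpubkeys: it produces the X9.62 uncompressed point with public_bytes, checks it against a hand-built `0x04 || X || Y`, and wraps it in an RFC 5656 SSH key blob. The helper names are hypothetical, and the `cryptography` package is assumed to be installed.

```python
import struct

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec


def encode_point_x962(public_key):
    """Uncompressed X9.62 point via public_bytes (stands in for encode_point)."""
    return public_key.public_bytes(
        encoding=serialization.Encoding.X962,
        format=serialization.PublicFormat.UncompressedPoint,
    )


def encode_point_manual(public_key):
    """Same bytes built by hand: 0x04 || X || Y, each padded to the field size."""
    numbers = public_key.public_numbers()
    size = (public_key.curve.key_size + 7) // 8  # 32 for P-256, 66 for P-521
    return b"\x04" + numbers.x.to_bytes(size, "big") + numbers.y.to_bytes(size, "big")


def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_ecdsa_blob(public_key, curve_id=b"nistp256"):
    """RFC 5656 public key blob: key type, curve identifier, point Q."""
    key_type = b"ecdsa-sha2-" + curve_id
    return ssh_string(key_type) + ssh_string(curve_id) + ssh_string(encode_point_x962(public_key))


def roundtrip(point_bytes, curve=None):
    """Parse an encoded point back into a key; raises ValueError if not on the curve."""
    return ec.EllipticCurvePublicKey.from_encoded_point(curve or ec.SECP256R1(), point_bytes)


def demo_key():
    """Constructed sample input: a fresh P-256 public key."""
    return ec.generate_private_key(ec.SECP256R1()).public_key()


if __name__ == "__main__":
    key = demo_key()
    point = encode_point_x962(key)
    assert point == encode_point_manual(key)
    print(len(point), len(ssh_ecdsa_blob(key)))
```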
