Fix CVEs: aiohttp, cryptography, certifi (!808) · Merge requests · OSDU Software / OSDU Data Platform / Domain Data Management Services / Wellbore / Wellbore Domain Services · GitLab

Cyril Monmouton requested to merge feature/fix-CVEs into master Nov 08, 2023

Summary

Fix issues raised by Snyk by upgrading third party libs:

setuptools version
aiohttp 3.7.4.post0 => 3.8.0 (CWE-644)
cryptography 39.0.2 => 41.0.2 (CVE-2023-38325)
certifi 2022.12.7 => 2023.7.22 (CVE-2023-37920)

Type of change

🔒 Security fix
📃 Documentation

Edited Nov 17, 2023 by Cyril Monmouton