Facundo Tuesca
Hi all, I'm opening this issue to propose a way of automatically checking Node's dependencies for new vulnerabilities, as part of CI. The idea is to query both the [NVD](https://nvd.nist.gov)...
This PR fixes two issues with the ASN.1 generated when signing using PKCS#7: ## First issue The [current implementation](https://github.com/pyca/cryptography/blob/bfcdfbefb32c5a9786ef66d4eb0777f70ae5943b/src/rust/src/pkcs7.rs#L103-L109) defines the SMIMECapabilities attribute so that its value is a SEQUENCE...
Part of https://github.com/pyca/cryptography/issues/9795. Now that the Rust bindings needed are in place (https://github.com/sfackler/rust-openssl/pull/2144), this PR adds support for ECDSA deterministic signing (RFC 6979), a new feature in `OpenSSL >= 3.2.0`....
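To make the RFC 6979 behaviour concrete, here is an added example that is not code from the PR, from pyca/cryptography, or from OpenSSL: a standard-library-only Python implementation of the RFC 6979 nonce derivation (Section 3.2) together with a minimal P-256 ECDSA sign/verify so the effect can be observed end to end. The curve constants are the public NIST P-256 parameters, and the private key and message are the ones from RFC 6979 Appendix A.2.5, so the derived `k`, `r` and `s` can be compared with the vectors printed there. Function names (`rfc6979_nonce`, `sign`, `verify`, `public_key`) are this example's own. The affine point arithmetic is deliberately simple and not constant-time; it illustrates the algorithm, not a production signer.

```python
"""RFC 6979 deterministic ECDSA nonce derivation over P-256 (added example).

Pure Python, standard library only. Point arithmetic is naive affine
arithmetic and NOT side-channel safe; it exists only to show that the
derived k yields a valid, repeatable signature.
"""
import hashlib
import hmac

# NIST P-256 domain parameters (public constants).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
QLEN = 256   # bit length of N
RLEN = 32    # 8 * ceil(QLEN / 8), in bytes

# Private key from RFC 6979 Appendix A.2.5 (test vector, not a real secret).
RFC_PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def bits2int(b: bytes) -> int:
    """RFC 6979 2.3.2: big-endian integer, truncated to the leftmost QLEN bits."""
    x = int.from_bytes(b, "big")
    blen = len(b) * 8
    return x >> (blen - QLEN) if blen > QLEN else x


def int2octets(x: int) -> bytes:
    """RFC 6979 2.3.3: fixed-width big-endian encoding of RLEN bytes."""
    return x.to_bytes(RLEN, "big")


def bits2octets(b: bytes) -> bytes:
    """RFC 6979 2.3.4: bits2int, reduce mod N, then int2octets."""
    return int2octets(bits2int(b) % N)


def rfc6979_nonce(priv: int, msg: bytes, hashfn=hashlib.sha256) -> int:
    """RFC 6979 3.2: derive k from the private key and H(message) with an HMAC loop."""
    h1 = hashfn(msg).digest()
    hlen = len(h1)
    V = b"\x01" * hlen                       # step b
    K = b"\x00" * hlen                       # step c
    seed = int2octets(priv) + bits2octets(h1)
    K = hmac.new(K, V + b"\x00" + seed, hashfn).digest()   # step d
    V = hmac.new(K, V, hashfn).digest()                    # step e
    K = hmac.new(K, V + b"\x01" + seed, hashfn).digest()   # step f
    V = hmac.new(K, V, hashfn).digest()                    # step g
    while True:                                            # step h
        T = b""
        while len(T) * 8 < QLEN:
            V = hmac.new(K, V, hashfn).digest()
            T += V
        k = bits2int(T)
        if 1 <= k < N:
            return k
        # Out of range: re-key and try again (practically never happens for P-256).
        K = hmac.new(K, V + b"\x00", hashfn).digest()
        V = hmac.new(K, V, hashfn).digest()


def _add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k: int, pt):
    """Double-and-add scalar multiplication (not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def public_key(priv: int):
    return _mul(priv, G)


def sign(priv: int, msg: bytes):
    """ECDSA over P-256 / SHA-256 with the RFC 6979 nonce; same input -> same (r, s)."""
    z = bits2int(hashlib.sha256(msg).digest()) % N
    k = rfc6979_nonce(priv, msg)
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, s


def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = bits2int(hashlib.sha256(msg).digest()) % N
    w = pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


if __name__ == "__main__":
    r, s = sign(RFC_PRIV, b"sample")
    print(f"k = {rfc6979_nonce(RFC_PRIV, b'sample'):064X}")
    print(f"r = {r:064X}\ns = {s:064X}")
    print("second signature identical:", sign(RFC_PRIV, b"sample") == (r, s))
```

The property the PR is after is visible in `sign`: because `k` is a function of the private key and the message digest only, signing the same message twice yields byte-identical signatures, and no CSPRNG failure can repeat a nonce across different messages. For `"sample"` with SHA-256 the derived `k` should match the value in RFC 6979 A.2.5; if it does not, the `bits2octets` reduction or the HMAC ordering is the usual suspect.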
`pyOpenSSL` does not seem to be used anywhere in the codebase. This PR removes it from the testing dependencies.
Before this change, all generated feeds would have the same generic `MangaReader Bridge` title. This PR makes the name of the generated feed the same as the manga name.
I'm opening this PR with an initial implementation of S/MIME encryption, in order to better discuss the API design, the algorithms we want to support, and how we want to...
## Description Signed S/MIME message using `cryptography`: ```python b'MIME-Version: 1.0\r\nContent-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-512"; boundary="===============3031221955182774630=="\r\n\r\nThis is an S/MIME signed message\r\n\r\n....' ``` Signed S/MIME message using `OpenSSL 3.2.0`: ```python b'MIME-Version: 1.0\nContent-Type: multipart/signed;...
## Description Add support for uploading [PEP 740](https://peps.python.org/pep-0740/) attestations along with distribution files. Part of https://github.com/pypi/warehouse/issues/15871. For now only GHA-signed attestations are supported, but the implementation allows easily adding other...
While working on https://github.com/pypi/warehouse/issues/15871, which includes adding `sigstore` as a dependency to `warehouse` (in order to be able to verify attestations), the following dependency conflict came up: The latest version...
As discussed in [this thread](https://github.com/pypi/warehouse/pull/15839#discussion_r1576471116), creating a GitLab trusted publisher validates the input fields (like the namespace and project) against some simple regexes: https://github.com/pypi/warehouse/blob/1036b14406f6b2901cf5e740fe42528c4bccf2de/warehouse/oidc/forms/gitlab.py#L21-L24 These regexes are too permissive: they...