python-sshpubkeys icon indicating copy to clipboard operation
python-sshpubkeys copied to clipboard
verified publisher icon ojarva

Update cryptography dependency, add pytest and bump the package version to 3.4.0

Open abhakash opened this issue 1 year ago • 0 comments

Summary

The package version in PyPI is still dependent on ecdsa, which has a vulnerability CVE-2024-23342. The latest version was never published. This change aims to upgrade the package version to 3.4.0 and upgrade other dependencies.

Changes in the PR

  1. Upgrade cryptography to 43.x . Since encode_point method is deprecated, switched to public_bytes method instead.
  2. Add pytest support for running tests. The init.py file is renamed to support pytest's *test.py format
  3. long(int) is not supported in Python3. int can handle long values
  4. Fixed Github Action run: upgraded actions version, added pytest, added ongoing python versions upto 3.13
  5. Fixed formatting as per yapf

Testing

Tests via pytest ran successfully. Github CI run : https://github.com/abhakash/python-sshpubkeys/actions/runs/12703787314

Let me know if any additional testing is required. Or if the package versioning should be changed.

abhakash avatar Jan 10 '25 05:01 abhakash