Ry Jones

pip-audit found one or more problems Name Version ID Fix Versions Description ------------ ------- ------------------- ------------ ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- cryptography 2.8 PYSEC-2021-62 3.2.1 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in...

### Description As a developer/user, I want get artifacts from GHCR. ### Acceptance Criteria * [Artifacts published to GHCR](https://github.com/orgs/hyperledger/packages) ### Steps to Reproduce (Bug) 1. Check GHCR 2. [Are all...

### Description As a developer/user, I want get artifacts from Maven Central so that my configuration is easier. ### Acceptance Criteria * [Artifacts published to Maven Central](https://search.maven.org/search?q=org.hyperledger) ### Steps to...

Move inactive maintainers to emeritus status

1

The TOC approved a requirement that maintainers that have not been active in over three to six months be move to emeritus status. These maintainers have not been active in...

Remove Azure

2

This is the last thing we have in Azure.

Add GitHub ARM64 runners

2

Use github provided runners rather than our own.

[ This file is released under the OASIS IPR Policy, which may conflict with your project license. You should check this license carefully or remove the file from your repo.](https://github.com/hyperledger-labs/pluggable-hcs/blob/b7b185f7cb611405728c287534ec6ba40afe1d9e/vendor/github.com/miekg/pkcs11/pkcs11t.h#L1-L10)

If I create a template repo with our standard SECURITY.md, LICENSE, and the like, when someone uses that template, the DCO is removed on the first commit. Please give an...

Update to the security process for Hyperledger

1

[A task force has been formed to review and update the security process](https://wiki.hyperledger.org/display/TF/Gaps+between+guidance+and+implementation+for+CSVD).

These files are under the MPL-2.0 license, a weak copyleft license, which may be incompatible with your project license. I recommend that you remove these files, and if they can't be removed you must be sure that they are not combined or integrated with any other project code in your repo.

3

### Is this a regression? No ### Description [There are 1500 files with non-compliant licenses that need addressed.](https://lfscanning.org/reports/hyperledger/identus-2024-07-24-67e499f2-0017-42e5-96f7-c85464c0976d.html) ### Please provide the exception or error you saw ```Markdown This was...