Skip to content

fix(deps): Project-Logos Pattern B (mixed) — VC-53657#193

Open
SahilWikhe-sw wants to merge 1 commit into
Venafi:masterfrom
SahilWikhe-sw:VC-53657-logos-fix-b
Open

fix(deps): Project-Logos Pattern B (mixed) — VC-53657#193
SahilWikhe-sw wants to merge 1 commit into
Venafi:masterfrom
SahilWikhe-sw:VC-53657-logos-fix-b

Conversation

@SahilWikhe-sw
Copy link
Copy Markdown

@SahilWikhe-sw SahilWikhe-sw commented Jun 3, 2026
edited
Loading

Summary

  • SC-002: Upgrade safety from EOL 2.3.5 to >=3.2; update docker-entrypoint.sh to use safety scan (3.x CLI command)
  • SC-004: Bump python-dateutil 2.8.2 to >=2.9.0 in requirements.txt and setup.py
  • SC-005: Bump pytest 7.4.3 to >=8.2 and pytest-cov 4.1.0 to >=6.0 in requirements-build.txt

Findings addressed

ID Severity Title Status
SC-002 Medium safety pinned to EOL 2.x line Fixed
SC-004 Low python-dateutil 2.8.2 - outdated Fixed
SC-005 Low pytest 7.4.3 / pytest-cov 4.1.0 - outdated dev dependencies Fixed

Skipped findings

ID Severity Title Reason
SC-001 Medium pynacl 1.5.0 - no release in 4+ years SealedBox uses XSalsa20-Poly1305 which is not available in the cryptography package. Needs a dedicated refactoring spike.

Local verification

  • 4 files changed: requirements.txt, requirements-build.txt, setup.py, docker-entrypoint.sh
  • pytest import failures (ModuleNotFoundError: six) are pre-existing in isolated env, unrelated to these bumps
  • Relates to Jira VC-53657 (story VC-53599, epic VC-53597)

Generated with Claude Code

@SahilWikhe-sw @claude
Upgrade unmaintained deps: safety>=3.2, python-dateutil>=2.9.0, pytes…
43b1849 
…t>=8.2, pytest-cov>=6.0

SC-002: safety 2.3.5 (EOL 2.x) -> safety>=3.2; update entrypoint to use 'safety scan'
SC-004: python-dateutil 2.8.2 -> >=2.9.0 in requirements.txt and setup.py
SC-005: pytest 7.4.3 -> >=8.2, pytest-cov 4.1.0 -> >=6.0

SC-001 (pynacl 1.5.0): skipped — SealedBox requires XSalsa20-Poly1305 not
available in the cryptography package; needs a dedicated refactoring spike.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@SahilWikhe-sw SahilWikhe-sw force-pushed the VC-53657-logos-fix-b branch from d5c8dcd to 43b1849 Compare June 3, 2026 22:42
@SahilWikhe-sw SahilWikhe-sw changed the title fix(deps): Project-Logos Pattern B (unmaintained) — VC-53657 fix(deps): Project-Logos Pattern B (mixed) — VC-53657 Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luispresuelVenafi luispresuelVenafi Awaiting requested review from luispresuelVenafi luispresuelVenafi is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SahilWikhe-sw