Merge pull request #12983 from RasaHQ/ATO-1959-patch-security-vulnera…

…bility-3.6.x [ATO-1959] Fix Improper Certificate Validation 3.6.X
RasaHQ · Jan 2, 2024 · b1199ca · b1199ca
2 parents ff52994 + 559aa39
commit b1199ca
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 26 deletions.
diff --git a/.github/workflows/continous-integration.yml b/.github/workflows/continous-integration.yml
@@ -287,6 +287,12 @@ jobs:
         run: |
           poetry self add setuptools
 
+      - name: Prevent race condition in poetry build
+        # More context about race condition during poetry build can be found here:
+        # https://github.com/python-poetry/poetry/issues/7611#issuecomment-1747836233
+        run: |
+          poetry config installer.max-workers 1
+
       - name: Load Poetry Cached Libraries ⬇
         id: cache-poetry
         if: needs.changes.outputs.backend == 'true'

diff --git a/changelog/12983.bugfix.md b/changelog/12983.bugfix.md
@@ -0,0 +1 @@
+Upgrade Cryptography to fix improper certificate validation.
diff --git a/changelog/712.misc.md b/changelog/712.misc.md
@@ -0,0 +1 @@
+Prevent race condition in poetry build to fix dependency install failures on windows.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -154,7 +154,7 @@ structlog-sentry = "^2.0.2"
 dnspython = "2.3.0"
 wheel = ">=0.38.1"
 certifi = ">=2023.7.22"
-cryptography = ">=41.0.2"
+cryptography = ">=41.0.7"
 [[tool.poetry.dependencies.tensorflow-io-gcs-filesystem]]
 version = "==0.31"
 markers = "sys_platform == 'win32'"