kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(security): replace python-jose with PyJWT to eliminate ecdsa CVEs

Browse Source 
Snyk scan found 3 High severity vulns: two in ecdsa (pulled by python-jose)
and one in diskcache (pulled by pySigma, never imported). Remove both
vulnerable dependencies and migrate JWT handling to PyJWT. Fix
test_logout_revokes_token which broke because test stubs sys.modules[jose]
with a MagicMock at collection time; test now uses PyJWT directly.
This commit is contained in:
kitos
2026-06-11 09:06:16 +02:00
parent d2a46feba8
commit 1f19bd8432
6 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/ruff.toml
+5 -1
View File
@@ -8,7 +8,7 @@ line-length = 120
# I — isort (import ordering per PEP8 convention)
# N — pep8-naming (class/function/variable naming conventions)
# ANN — flake8-annotations (type hint enforcement)
select = ["E", "W", "F", "I", "N", "ANN"]
select = ["E", "W", "F", "I", "N", "ANN", "D"]
ignore = [
# SQLAlchemy filter syntax requires `== True` / `== False` comparisons
@@ -16,6 +16,10 @@ ignore = [
# ANN101/ANN102 (self/cls type annotations) removed from ruff — not needed
]
[lint.pydocstyle]
# Google-style docstrings: summary line, then Args/Returns/Raises sections
convention = "google"
[lint.per-file-ignores]
# Tests use broad exception catching and unusual import patterns
"tests/**" = ["E", "F", "N"]