fix(deps): bump cryptography from 38.0.4 to 39.0.1 (#497)

* build(deps): bump cryptography from 38.0.4 to 39.0.1 Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.4 to 39.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@38.0.4...39.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * test: add failing test for cryptograph integration * fix: add new parameter to method for loading private key * chore: fix lint --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jeff Ching <[email protected]>
googleapis · Feb 15, 2023 · b36d07d · b36d07d
1 parent 46ad699
commit b36d07d
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 34 deletions.
diff --git a/releasetool/github.py b/releasetool/github.py
@@ -103,7 +103,9 @@ def get_installation_access_token(
     }
 
     private_key_bytes = private_key_str.encode()
-    private_key = default_backend().load_pem_private_key(private_key_bytes, None)
+    private_key = default_backend().load_pem_private_key(
+        private_key_bytes, None, unsafe_skip_rsa_key_validation=False
+    )
     app_jwt = jwt.encode(payload, private_key, algorithm="RS256")
 
     headers = {

diff --git a/requirements.txt b/requirements.txt
@@ -14,9 +14,9 @@ bleach==4.1.0 \
     # via
     #   -r requirements.in
     #   readme-renderer
-cachetools==5.2.0 \
-    --hash=sha256:6a94c6402995a99c3970cc7e4884bb60b4a8639938157eeed436098bf9831757 \
-    --hash=sha256:f9f17d2aec496a9aa6b76f53e3b614c965223c061982d434d160f930c698a9db
+cachetools==4.2.4 \
+    --hash=sha256:89ea6f1b638d5a73a4f9226be57ac5e4f399d22770b92355f92dcb0f7f001693 \
+    --hash=sha256:92971d3cb7d2a97efff7c7bb1657f21a8f5fb309a37530537c71b1774189f2d1
     # via
     #   -r requirements.in
     #   google-auth
@@ -102,33 +102,30 @@ colorama==0.4.5 \
     --hash=sha256:854bf444933e37f5824ae7bfc1e98d5bce2ebe4160d46b5edf346a89358e99da \
     --hash=sha256:e6c6b4334fc50988a639d9b98aa429a0b57da6e17b9a44f0451f930b6967b7a4
     # via twine
-cryptography==38.0.4 \
-    --hash=sha256:0e70da4bdff7601b0ef48e6348339e490ebfb0cbe638e083c9c41fb49f00c8bd \
-    --hash=sha256:10652dd7282de17990b88679cb82f832752c4e8237f0c714be518044269415db \
-    --hash=sha256:175c1a818b87c9ac80bb7377f5520b7f31b3ef2a0004e2420319beadedb67290 \
-    --hash=sha256:1d7e632804a248103b60b16fb145e8df0bc60eed790ece0d12efe8cd3f3e7744 \
-    --hash=sha256:1f13ddda26a04c06eb57119caf27a524ccae20533729f4b1e4a69b54e07035eb \
-    --hash=sha256:2ec2a8714dd005949d4019195d72abed84198d877112abb5a27740e217e0ea8d \
-    --hash=sha256:2fa36a7b2cc0998a3a4d5af26ccb6273f3df133d61da2ba13b3286261e7efb70 \
-    --hash=sha256:2fb481682873035600b5502f0015b664abc26466153fab5c6bc92c1ea69d478b \
-    --hash=sha256:3178d46f363d4549b9a76264f41c6948752183b3f587666aff0555ac50fd7876 \
-    --hash=sha256:4367da5705922cf7070462e964f66e4ac24162e22ab0a2e9d31f1b270dd78083 \
-    --hash=sha256:4eb85075437f0b1fd8cd66c688469a0c4119e0ba855e3fef86691971b887caf6 \
-    --hash=sha256:50a1494ed0c3f5b4d07650a68cd6ca62efe8b596ce743a5c94403e6f11bf06c1 \
-    --hash=sha256:53049f3379ef05182864d13bb9686657659407148f901f3f1eee57a733fb4b00 \
-    --hash=sha256:6391e59ebe7c62d9902c24a4d8bcbc79a68e7c4ab65863536127c8a9cd94043b \
-    --hash=sha256:67461b5ebca2e4c2ab991733f8ab637a7265bb582f07c7c88914b5afb88cb95b \
-    --hash=sha256:78e47e28ddc4ace41dd38c42e6feecfdadf9c3be2af389abbfeef1ff06822285 \
-    --hash=sha256:80ca53981ceeb3241998443c4964a387771588c4e4a5d92735a493af868294f9 \
-    --hash=sha256:8a4b2bdb68a447fadebfd7d24855758fe2d6fecc7fed0b78d190b1af39a8e3b0 \
-    --hash=sha256:8e45653fb97eb2f20b8c96f9cd2b3a0654d742b47d638cf2897afbd97f80fa6d \
-    --hash=sha256:998cd19189d8a747b226d24c0207fdaa1e6658a1d3f2494541cb9dfbf7dcb6d2 \
-    --hash=sha256:a10498349d4c8eab7357a8f9aa3463791292845b79597ad1b98a543686fb1ec8 \
-    --hash=sha256:b4cad0cea995af760f82820ab4ca54e5471fc782f70a007f31531957f43e9dee \
-    --hash=sha256:bfe6472507986613dc6cc00b3d492b2f7564b02b3b3682d25ca7f40fa3fd321b \
-    --hash=sha256:c9e0d79ee4c56d841bd4ac6e7697c8ff3c8d6da67379057f29e66acffcd1e9a7 \
-    --hash=sha256:ca57eb3ddaccd1112c18fc80abe41db443cc2e9dcb1917078e02dfa010a4f353 \
-    --hash=sha256:ce127dd0a6a0811c251a6cddd014d292728484e530d80e872ad9806cfb1c5b3c
+cryptography==39.0.1 \
+    --hash=sha256:0f8da300b5c8af9f98111ffd512910bc792b4c77392a9523624680f7956a99d4 \
+    --hash=sha256:35f7c7d015d474f4011e859e93e789c87d21f6f4880ebdc29896a60403328f1f \
+    --hash=sha256:4789d1e3e257965e960232345002262ede4d094d1a19f4d3b52e48d4d8f3b885 \
+    --hash=sha256:5aa67414fcdfa22cf052e640cb5ddc461924a045cacf325cd164e65312d99502 \
+    --hash=sha256:5d2d8b87a490bfcd407ed9d49093793d0f75198a35e6eb1a923ce1ee86c62b41 \
+    --hash=sha256:6687ef6d0a6497e2b58e7c5b852b53f62142cfa7cd1555795758934da363a965 \
+    --hash=sha256:6f8ba7f0328b79f08bdacc3e4e66fb4d7aab0c3584e0bd41328dce5262e26b2e \
+    --hash=sha256:706843b48f9a3f9b9911979761c91541e3d90db1ca905fd63fee540a217698bc \
+    --hash=sha256:807ce09d4434881ca3a7594733669bd834f5b2c6d5c7e36f8c00f691887042ad \
+    --hash=sha256:83e17b26de248c33f3acffb922748151d71827d6021d98c70e6c1a25ddd78505 \
+    --hash=sha256:96f1157a7c08b5b189b16b47bc9db2332269d6680a196341bf30046330d15388 \
+    --hash=sha256:aec5a6c9864be7df2240c382740fcf3b96928c46604eaa7f3091f58b878c0bb6 \
+    --hash=sha256:b0afd054cd42f3d213bf82c629efb1ee5f22eba35bf0eec88ea9ea7304f511a2 \
+    --hash=sha256:c5caeb8188c24888c90b5108a441c106f7faa4c4c075a2bcae438c6e8ca73cef \
+    --hash=sha256:ced4e447ae29ca194449a3f1ce132ded8fcab06971ef5f618605aacaa612beac \
+    --hash=sha256:d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695 \
+    --hash=sha256:e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6 \
+    --hash=sha256:e422abdec8b5fa8462aa016786680720d78bdce7a30c652b7fadf83a4ba35336 \
+    --hash=sha256:ef8b72fa70b348724ff1218267e7f7375b8de4e8194d1636ee60510aae104cd0 \
+    --hash=sha256:f0c64d1bd842ca2633e74a1a28033d139368ad959872533b1bab8c80e8240a0c \
+    --hash=sha256:f24077a3b5298a5a06a8e0536e3ea9ec60e4c7ac486755e5fb6e6ea9b3500106 \
+    --hash=sha256:fdd188c8a6ef8769f148f88f859884507b954cc64db6b52f66ef199bb9ad660a \
+    --hash=sha256:fe913f20024eb2cb2f323e42a64bdf2911bb9738a15dba7d3cce48151034e3a8
     # via
     #   -r requirements.in
     #   secretstorage
@@ -322,9 +319,9 @@ python-dateutil==2.8.2 \
     --hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
     --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
     # via -r requirements.in
-readme-renderer==37.3 \
-    --hash=sha256:cd653186dfc73055656f090f227f5cb22a046d7f71a841dfa305f55c9a513273 \
-    --hash=sha256:f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343
+readme-renderer==34.0 \
+    --hash=sha256:262510fe6aae81ed4e94d8b169077f325614c0b1a45916a80442c6576264a9c2 \
+    --hash=sha256:dfb4d17f21706d145f7473e0b61ca245ba58e810cf9b2209a48239677f82e5b0
     # via
     #   -r requirements.in
     #   twine

diff --git a/tests/test_github.py b/tests/test_github.py
@@ -0,0 +1,37 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from releasetool import github
+import pathlib
+import requests_mock
+
+
+def test_app_credentials():
+    with requests_mock.Mocker() as m:
+        m.post(
+            "https://api.github.com/app/installations/my-installation-id/access_tokens",
+            status_code=201,
+            json={
+                "token": "remote-access-token",
+            },
+        )
+
+        private_key = (
+            pathlib.Path(__file__).parent / "testdata" / "fake-private-key.pem"
+        ).read_text()
+        token = github.get_installation_access_token(
+            "my-app-id", "my-installation-id", private_key
+        )
+        assert token == "remote-access-token"
diff --git a/tests/testdata/fake-private-key.pem b/tests/testdata/fake-private-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgGCmk6xUrFM3e8qS3gph31HusC/JmSf7+7+sG/8POpg/8gzBVq2m
+zcEGubHJWwWZHKxrDVKkyZc3G3u7XSD1+N+hh+LDf1Kt4JccDV5OJXZ6tCedjH6Z
+Ty1qX8nxb6SF8GZctypTzA5lZk2VVVeR5ficnKDGCngReUOYXCmXoRplAgMBAAEC
+gYBWE0QlD+vA2QL4cEArQureTxK+HG63+2RDWYY9a1Slzx1EWtNVJ97Kb7DlMwxL
+OgcdTuG4nmWitENXuI/CEQ2pEKNmUAKMqorhSHqL5mFJi7Oe5m8guNqM4ClvJlCS
+UKgj6v6B7uEPDsMEojvNllJElyBcw2ld4Ji6VN4LxsleKQJBALjICFD514yYdjtg
+3n8gJpZI9vIFTIwDnLcClIzZAfJwXU1hyaY7jVQKif9VOjUDZr3DGek8tPNeqIVb
+Xa9aH4MCQQCF5uK0YSk1yxBBzzoS+5fAAkNI0qYwBNPAoFhwZ+TT0y0S3enRI+m6
+5iYKOwef7E2QVYXUEOhvUIiKUAQFBxH3AkBRcxr3VqnEt4+mLNTmhG194Tu5Aszz
+CsSRhvmj/CP3kcAO1APm2mk5mkup2Q+HPrCTBOTvAmtgu2DdJ6DsInWxAkBptNi5
+n45h6hm+ajKlc7rbmK23WpxZgiYMhkjrDAmoc6i8oTWJpjlJE5FqOCmPxYOB8xIA
+VQy5e7Eex4Y01d0HAkA9c6tb9jFxFHQdcSSM02UuZAjA+YiboO5znl4FCC6lpgBd
+irnvYZ5sD2Ba6baUW2/IqQwuTL/t1QJpqbwwuJi5
+-----END RSA PRIVATE KEY-----