[#677][#652]Update dependencies

nabla-c0d3 · Dec 26, 2024 · 0a2f1ed · 0a2f1ed
1 parent 00f2ee7
commit 0a2f1ed
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 35 deletions.
diff --git a/.github/workflows/run_tests_with_lowest_pydantic_version.yml b/.github/workflows/run_tests_with_lowest_pydantic_version.yml
@@ -22,8 +22,8 @@ jobs:
           python -m pip install --upgrade pip setuptools
           python -m pip install -e .
 
-      - name: Install pydantic 2.2
-        run: python -m pip install "pydantic==2.2"
+      - name: Install pydantic 2.3
+        run: python -m pip install "pydantic==2.3"
 
       - name: Install dev dependencies
         run: python -m pip install -r requirements-dev.txt

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -1,7 +1,7 @@
-mypy==1.8
-ruff==0.2.2
+mypy==1.14
+ruff==0.8.4
 invoke>=2,<3
-pytest>=7.4,<8
+pytest>=8,<9
 sphinx
 sphinx-rtd-theme
 twine>=4,<5

diff --git a/setup.py b/setup.py
@@ -99,9 +99,9 @@ def get_include_files() -> List[Tuple[str, str]]:
     # Dependencies
     install_requires=[
         "nassl>=5.1,<6",
-        "cryptography>42,<43",
+        "cryptography>42,<45",
         "tls-parser>=2,<3",
-        "pydantic>=2.2,<2.8",
+        "pydantic>=2.3,<2.11",
     ],
     # cx_freeze info for Windows builds with Python embedded
     options={"build_exe": {"packages": ["cffi", "cryptography"], "include_files": get_include_files()}},

diff --git a/sslyze/connection_helpers/opportunistic_tls_helpers.py b/sslyze/connection_helpers/opportunistic_tls_helpers.py
@@ -142,7 +142,7 @@ class _RdpHelper(_OpportunisticTlsHelper):
 
     ERR_NO_STARTTLS = "RDP AUTH TLS was rejected"
 
-    START_TLS_CMD = b"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"
+    START_TLS_CMD = b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"
     START_TLS_OK = b"Start TLS request accepted."
 
     def prepare_socket_for_tls_handshake(self, sock: socket.socket) -> None:
@@ -201,7 +201,7 @@ class _FtpHelper(_GenericOpportunisticTlsHelper):
 class _PostgresHelper(_GenericOpportunisticTlsHelper):
     ERR_NO_STARTTLS = "Postgres AUTH TLS was rejected"
 
-    START_TLS_CMD = b"\x00\x00\x00\x08\x04\xD2\x16\x2F"
+    START_TLS_CMD = b"\x00\x00\x00\x08\x04\xd2\x16\x2f"
     START_TLS_OK = b"S"
     SHOULD_WAIT_FOR_SERVER_BANNER = False
 

diff --git a/sslyze/mozilla_tls_profile/mozilla_config_checker.py b/sslyze/mozilla_tls_profile/mozilla_config_checker.py
@@ -173,9 +173,9 @@ def _check_tls_curves(
 
     tls_curves_difference = supported_curves - mozilla_config.tls_curves
     if tls_curves_difference:
-        issues_with_tls_curves[
-            "tls_curves"
-        ] = f"TLS curves {tls_curves_difference} are supported, but should be rejected."
+        issues_with_tls_curves["tls_curves"] = (
+            f"TLS curves {tls_curves_difference} are supported, but should be rejected."
+        )
 
     # TODO(AD): Disable the check on the curves; not even Google, Mozilla nor Cloudflare are compliant...
     # return problems_with_tls_curves
@@ -190,9 +190,9 @@ def _check_tls_vulnerabilities(scan_result: AllScanCommandsAttempts) -> Dict[str
 
     assert scan_result.openssl_ccs_injection.result
     if scan_result.openssl_ccs_injection.result.is_vulnerable_to_ccs_injection:
-        issues_with_tls_vulns[
-            "tls_vulnerability_ccs_injection"
-        ] = "Server is vulnerable to the OpenSSL CCS injection attack."
+        issues_with_tls_vulns["tls_vulnerability_ccs_injection"] = (
+            "Server is vulnerable to the OpenSSL CCS injection attack."
+        )
 
     assert scan_result.heartbleed.result
     if scan_result.heartbleed.result.is_vulnerable_to_heartbleed:
@@ -204,9 +204,9 @@ def _check_tls_vulnerabilities(scan_result: AllScanCommandsAttempts) -> Dict[str
 
     assert scan_result.session_renegotiation.result
     if not scan_result.session_renegotiation.result.supports_secure_renegotiation:
-        issues_with_tls_vulns[
-            "tls_vulnerability_renegotiation"
-        ] = "Server is vulnerable to the insecure renegotiation attack."
+        issues_with_tls_vulns["tls_vulnerability_renegotiation"] = (
+            "Server is vulnerable to the insecure renegotiation attack."
+        )
 
     return issues_with_tls_vulns
 
@@ -252,21 +252,21 @@ def _check_tls_versions_and_ciphers(
     issues_with_tls_ciphers = {}
     tls_versions_difference = tls_versions_supported - mozilla_config.tls_versions
     if tls_versions_difference:
-        issues_with_tls_ciphers[
-            "tls_versions"
-        ] = f"TLS versions {tls_versions_difference} are supported, but should be rejected."
+        issues_with_tls_ciphers["tls_versions"] = (
+            f"TLS versions {tls_versions_difference} are supported, but should be rejected."
+        )
 
     tls_1_3_cipher_suites_difference = tls_1_3_cipher_suites_supported - mozilla_config.ciphersuites
     if tls_1_3_cipher_suites_difference:
-        issues_with_tls_ciphers[
-            "ciphersuites"
-        ] = f"TLS 1.3 cipher suites {tls_1_3_cipher_suites_difference} are supported, but should be rejected."
+        issues_with_tls_ciphers["ciphersuites"] = (
+            f"TLS 1.3 cipher suites {tls_1_3_cipher_suites_difference} are supported, but should be rejected."
+        )
 
     cipher_suites_difference = cipher_suites_supported - mozilla_config.ciphers.iana
     if cipher_suites_difference:
-        issues_with_tls_ciphers[
-            "ciphers"
-        ] = f"Cipher suites {cipher_suites_difference} are supported, but should be rejected."
+        issues_with_tls_ciphers["ciphers"] = (
+            f"Cipher suites {cipher_suites_difference} are supported, but should be rejected."
+        )
 
     if mozilla_config.ecdh_param_size and smallest_ecdh_param_size < mozilla_config.ecdh_param_size:
         issues_with_tls_ciphers["ecdh_param_size"] = (
@@ -294,9 +294,9 @@ def _check_certificates(
         # Validate certificate trust
         leaf_cert = cert_deployment.received_certificate_chain[0]
         if not cert_deployment.verified_certificate_chain:
-            issues_with_certificates[
-                "certificate_path_validation"
-            ] = f"Certificate path validation failed for {leaf_cert.subject.rfc4514_string()}."
+            issues_with_certificates["certificate_path_validation"] = (
+                f"Certificate path validation failed for {leaf_cert.subject.rfc4514_string()}."
+            )
 
         # Validate the public key
         public_key = leaf_cert.public_key()
@@ -313,9 +313,9 @@ def _check_certificates(
         elif isinstance(public_key, RSAPublicKey):
             deployed_key_algorithms.add("rsa")
             if mozilla_config.rsa_key_size and public_key.key_size < mozilla_config.rsa_key_size:
-                issues_with_certificates[
-                    "rsa_key_size"
-                ] = f"RSA key size is {public_key.key_size}, minimum allowed is {mozilla_config.rsa_key_size}."
+                issues_with_certificates["rsa_key_size"] = (
+                    f"RSA key size is {public_key.key_size}, minimum allowed is {mozilla_config.rsa_key_size}."
+                )
 
         else:
             deployed_key_algorithms.add(public_key.__class__.__name__)

diff --git a/sslyze/plugins/plugin_base.py b/sslyze/plugins/plugin_base.py
@@ -1,5 +1,4 @@
-"""Main abstract plugin classes from which all the plugins should inherit.
-"""
+"""Main abstract plugin classes from which all the plugins should inherit."""
 
 from abc import ABC, abstractmethod
 from concurrent.futures import ThreadPoolExecutor

diff --git a/tests/web_servers/scan_localhost.py b/tests/web_servers/scan_localhost.py
@@ -7,6 +7,7 @@
 
 $ PYTHONPATH=. python tests/web_servers/scan_localhost.py apache2
 """
+
 import sys
 from datetime import datetime
 from enum import Enum