
fix: upgrade pyasn1 to address CVE-2026-30922#3346

Merged

uruwhy merged 4 commits into master from fix/cve-pyasn1-upgrade on Apr 14, 2026

Conversation

@deacon-mp
Contributor

@deacon-mp deacon-mp commented Mar 17, 2026

Summary

CVE Details

  • CVE-2026-30922: Vulnerability in pyasn1 <= 0.5.1
  • Fix version: 0.6.3
  • Detected by: pip-audit

Test plan

  • Verify pip install -r requirements.txt succeeds
  • Run existing test suite
  • Verify Caldera server starts without errors

pyasn1 0.5.1 is affected by CVE-2026-30922. Upgrading the version
pin to >=0.6.3, which contains the fix.

Detected by: pip-audit
@deacon-mp
Contributor Author

/review

@deacon-mp deacon-mp requested a review from Copilot March 18, 2026 03:09
Contributor

Copilot AI left a comment


Copilot wasn't able to review any files in this pull request.



jlklos
jlklos previously approved these changes Apr 1, 2026
Contributor

@jlklos jlklos left a comment


Tested and ran a test operation after launching Caldera server. No issues detected.

@deacon-mp deacon-mp requested a review from Copilot April 1, 2026 21:12
Contributor

Copilot AI left a comment


Copilot wasn't able to review any files in this pull request.



@sonarqubecloud

sonarqubecloud Bot commented Apr 1, 2026

Contributor

@jlklos jlklos left a comment


Updated to pin version to 0.6.3.

@azure-pipelines

Azure Pipelines:
1 pipeline(s) were filtered out due to trigger conditions.

@sonarqubecloud

❌ The last analysis has failed.

See analysis details on SonarQube Cloud


@sonarqubecloud
Copy link
Copy Markdown

❌ The last analysis has failed.

See analysis details on SonarQube Cloud

Contributor

@uruwhy uruwhy left a comment


Changelogs from the package don't seem to indicate any breaking changes.

@uruwhy uruwhy merged commit 0cd64e0 into master Apr 14, 2026
14 of 15 checks passed
@uruwhy uruwhy deleted the fix/cve-pyasn1-upgrade branch April 14, 2026 12:33
4 participants