Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade gcloud-aio-auth to 5.2.+ #39491

Closed
1 task done
potiuk opened this issue May 8, 2024 · 4 comments
Closed
1 task done

Upgrade gcloud-aio-auth to 5.2.+ #39491

potiuk opened this issue May 8, 2024 · 4 comments
Labels
area:providers good first issue kind:meta High-level information important to the community provider:google Google (including GCP) related issues

Comments

@potiuk
Copy link
Member

potiuk commented May 8, 2024

Body

The gcloud-aio-auth <5.0.0 limits cryptography to < 42..0.0 which has CVE-2023-50782 and it blocks airflow from upgrading to newer cryptography version.

Committer

  • I acknowledge that I am a maintainer/committer of the Apache Airflow project.
@potiuk potiuk added the kind:meta High-level information important to the community label May 8, 2024
@potiuk potiuk changed the title Upgrade gcloud-aio-auth Upgrade gcloud-aio-auth to 5.2.+ May 8, 2024
@potiuk
Copy link
Member Author

potiuk commented May 8, 2024

cc: @VladaZakharova - maybe your team could take a look at that one:

Here is a comment from provider.yaml

  # When upgrading the major version of gcloud-aio-auth we want to make sure to
  # 1. use at least version 5.2, which uses offset-aware datetime internally
  # 2. override Token's new `refresh` method instead of `acquire_access_token`, which allows us to avoid
  #    dealing with internals like `access_token_acquired_at`
  # 3. continue to `subclass gcloud.aio.auth.token.Token` instead of `BaseToken`, since instances of
  #    `_CredentialsToken` are instances of `Token` and used as such
  - gcloud-aio-auth>=4.0.0,<5.0.0

@VladaZakharova
Copy link
Contributor

Hi!
Yes, sure, thank you

@eladkal eladkal added provider:google Google (including GCP) related issues area:providers good first issue labels Jun 17, 2024
@eladkal
Copy link
Contributor

eladkal commented Aug 23, 2024

This is already completed. Closing

@eladkal eladkal closed this as completed Aug 23, 2024
@dimon222
Copy link
Contributor

dimon222 commented Aug 23, 2024
edited
Loading

@eladkal any reference to exact PR?

UPD: found #41262

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:providers good first issue kind:meta High-level information important to the community provider:google Google (including GCP) related issues
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@potiuk @dimon222 @eladkal @VladaZakharova