Mercurial > p > roundup > code

annotate .grype.yaml @ 7809:be6cb2e0d471

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
feat: add support for rotating jwt keys This allows jwt_secret to have multiple ',' separated secrets. The first/leftmost should be used to sign new JWTs. All of them are used (starting from left/newest) to try to verify a JWT. If the first secret is < 32 chars in length JWTs are disabled. If any of the other secrets are < 32 chars, the configuration code causes the software to exit. This prevents insecure (too short) secrets from being used. Updated doc examples and tests.
author John Rouillard <rouilj@ieee.org>
date Thu, 14 Mar 2024 19:04:19 -0400
parents 73cb61350d3b
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
7644
974599384dc5 build: disable CVE-2018-20225 pip package shadow
John Rouillard <rouilj@ieee.org>
parents:
diff changeset
1 ignore:
7648
73cb61350d3b build: fix format and remove fix-state.
John Rouillard <rouilj@ieee.org>
parents: 7647
diff changeset
2 - vulnerability: CVE-2018-20225
7645
939ecb42a031 build: try different ID for pip grype error.
John Rouillard <rouilj@ieee.org>
parents: 7644
diff changeset
3 - vulnerability: CVE-2018-20225-pip
Roundup Issue Tracker: http://roundup-tracker.org/