upgrade cryptography python package

[ukclivecox]

Update cryptography version range

By itself causes build to fail. So need to add a set of further updates:

Python builder updates:

• python builder to 3.8
• ensure grpcio-tools is installed after conda env is created as its used in initial proto compile in tests
• limit protobuf version

Its unclear to me if a subset of these could be achievable. Seems centred on proto compile in python 3.8.

[ukclivecox]

/test integration

[ukclivecox]

/test notebooks

[ukclivecox]

integration test run:

[ukclivecox]

/test integration

[RafalSkolasinski]

That will put hard constraint on protobuf version in the user environment causing potential conflicts with other packages.

[adriangonz]

Are both the change in the protobuf version and the change in importlib_metadata required? I tried locally without those and seems the main Python tests are happy (haven't tried with anything else though).

[adriangonz]

I just had a look at the changes and noticed that the Python build image is still on Python 3.7 - so perhaps there's no need to change the Python version?

[mwm5945]

Just like to throw my hat in the ring here--this vulnerability is causing issues for us (i won't get into why, you'd have a novella to read lol), is there anything i can do to help push this along? thanks!

[adriangonz]

After having a deeper look, I think @cliveseldon you were 100% right on adding the extra dep changes. It seems something to do with tensorflow forcing an older protobuf, and also with running an old version of flake8 - but neither of them would be trivial fixes.

@RafalSkolasinski if you can have a look at the latest changes, it would be great to get your thumbs up.

[RafalSkolasinski]

Looks good - shall we fire integration & notebook tests?

[adriangonz]

/test integration

[adriangonz]

/test notebooks

[RafalSkolasinski]

/retest

[RafalSkolasinski]

/retest

[RafalSkolasinski]

/retest

[seldondev]

@cliveseldon: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
notebooks	71d1d60	link	/test notebooks

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the jenkins-x/lighthouse repository. I understand the commands that are listed here.

[adriangonz]

Just had a look at the notebook tests, and they seem to fail because of an issue not related to this PR (which should get fixed in #4691 ), so I'll go ahead and merge this one.

[mwm5945]

@cliveseldon @adriangonz any chance this would be part of a 1.14.2 release?

[adriangonz]

Hey @mwm5945 ,

We don't have plans atm to backport the fix to 1.14.x. Would upgrading to 1.15.x be an option for you?

[mwm5945]

@adriangonz potentially, though a 1.14 release would be preferred (people get anxious with package upgrades haha). Is there a large difference between 14 and 15?