Skip to content

fix: security update -> use sha256 instead of md5 for file hashing #4965

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Dec 20, 2024
Merged

fix: security update -> use sha256 instead of md5 for file hashing #4965

merged 5 commits into from
Dec 20, 2024

Conversation

brockwade633
Copy link
Contributor

@brockwade633 brockwade633 commented Dec 16, 2024
edited
Loading

Description of changes:
This change updates the sagemaker workflow hashing algorithm from md5 to the more modern sha256

Testing done:
Existing tests will verify backwards compatibility and ensure expected behavior.

Merge Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.

General

  • I have read the CONTRIBUTING doc
  • I certify that the changes I am introducing will be backward compatible, and I have discussed concerns about this, if any, with the Python SDK team
  • I used the commit message format described in CONTRIBUTING
  • [N/A] I have passed the region in to all S3 and STS clients that I've initialized as part of this change.
  • [N/A] I have updated any necessary documentation, including READMEs and API docs (if appropriate)

Tests

  • I have added tests that prove my fix is effective or that my feature works (if appropriate)
  • I have added unit and/or integration tests as appropriate to ensure backward compatibility of the changes
  • I have checked that my tests are not configured for a specific region or account (if appropriate)
  • I have used unique_name_from_base to create resource names in integ tests (if appropriate)
  • If adding any dependency in requirements.txt files, I have spell checked and ensured they exist in PyPi

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@brockwade633 brockwade633 requested a review from a team as a code owner December 16, 2024 21:01
@brockwade633 brockwade633 changed the title fix: security patch -> use sha256 instead of md5 for file hashing chore: update unit tests for file hashing Dec 18, 2024
@brockwade633 brockwade633 changed the title chore: update unit tests for file hashing fix: security update -> use sha256 instead of md5 for file hashing Dec 18, 2024
@brockwade633
Copy link
Contributor Author

I amended the same commit locally for cleanliness but unfortunately still ended up with multiple commits here

@Aditi2424 Aditi2424 merged commit 75cfcb1 into aws:master Dec 20, 2024
13 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Aditi2424 Aditi2424 Aditi2424 approved these changes

@sage-maker sage-maker Awaiting requested review from sage-maker sage-maker is a code owner automatically assigned from aws/sagemaker-ml-frameworks

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@brockwade633 @Aditi2424