chdsbd / kodiak

🔮 A bot to automatically update and merge GitHub PRs

Home Page:https://kodiakhq.com


CVE-2020-36242 and CVE-2020-25659

StephenRadachy opened this issue · comments

I don't think Kodiak is vulnerable to this issue because Kodiak doesn't symmetrically encrypt multi-GB values.

Regarding the timing attacks, I don't think that's an issue for us because we don't allow users to initiate connections to Kodiak, only GitHub.

But like these other vulnerabilities, I'd welcome a PR to update the package.

We've upgraded to cryptography 3.4.6 with #826, so this issue is no longer valid
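The practical takeaway from the thread is a dependency check: any pin of `cryptography` older than the version the maintainers upgraded to (3.4.6) should be flagged. The following is an added example, not Kodiak's code and not part of the original issue; it uses only the standard library, takes 3.4.6 as the threshold solely because that is the version named in the thread, and runs over constructed sample pin lines rather than Kodiak's real lock file.

```python
"""Flag pins of `cryptography` older than the fix version named in the thread.

Added example, not Kodiak's own code. The 3.4.6 threshold comes from the
thread's upgrade (#826); the pin lines below are constructed sample input.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Version the maintainers upgraded to in the thread; treated as the
# "known good" floor for this check (assumption: nothing older is checked
# against per-CVE fix versions, only against this upgrade target).
FIXED_VERSION = "3.4.6"

# Constructed sample lines in requirements.txt / `poetry export` style.
SAMPLE_PINS = [
    "cryptography==3.1.1",
    "cryptography==3.3.1 ; python_version >= '3.6'",
    "cryptography==3.4.6",
    "requests==2.25.1",
    "Cryptography==3.4.7  # hash pin stripped for the example",
]

# name==version, with the rest of the line (markers, hashes, comments) ignored
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.4.6' into (3, 4, 6); a trailing tag such as '3.4.6rc1' is
    truncated to its numeric prefix so the comparison stays purely numeric."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def parse_pin(line: str) -> Optional[Tuple[str, str]]:
    """Return (normalized_name, version) for an exact pin, else None."""
    m = PIN_RE.match(line)
    if not m:
        return None
    # PEP 503 style normalization so 'Cryptography' and 'cryptography' match
    return m.group(1).lower().replace("_", "-"), m.group(2)


def is_vulnerable_version(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` sorts strictly below the fix version."""
    return parse_version(version) < parse_version(fixed)


def find_vulnerable_pins(
    lines: Iterable[str], package: str = "cryptography", fixed: str = FIXED_VERSION
) -> List[str]:
    """Return the pin lines for `package` that are older than `fixed`."""
    hits = []
    for line in lines:
        pin = parse_pin(line)
        if pin is None:
            continue
        name, version = pin
        if name == package and is_vulnerable_version(version, fixed):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    for hit in find_vulnerable_pins(SAMPLE_PINS):
        print("outdated pin:", hit)
```

Point `find_vulnerable_pins` at the real lock or requirements file (one line per entry) to reproduce the check; it only recognizes exact `==` pins, which is what a lock file emits, and deliberately does not try to decide which older releases were already patched for each CVE, since the thread records only the upgrade to 3.4.6.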