Fix CVE

-> Vulnerability found in mako version 1.0.9 Vulnerability ID: 50870 Affected spec: <1.2.2 ADVISORY: Mako 1.2.2 includes a fix for a REDoS vulnerability.sqlalchemy/mako#366 PVE-2022-50870 For more information, please visit https://pyup.io/vulnerabilities/PVE-2022-50870/50870/ Ignore CVE Title: [1084602] Arbitrary Code Execution in underscore Severity: critical CWE: CWE-94 Vulnerable versions: >=1.3.2 <1.12.1 Patched versions: >=1.12.1 Recommendation: Upgrade to version 1.12.1 or later Version: 1.6.0 Path: openlayers > nomnom > underscore More info: GHSA-cf4h-3jhx-xvhq
camptocamp · Sep 30, 2022 · 909bfd9 · 909bfd9
1 parent 73b1531
commit 909bfd9
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/docker/build/requirements.txt b/docker/build/requirements.txt
@@ -35,7 +35,7 @@ isodate==0.6.0  # geoportal
 Jinja2==2.11.3  # c2c.template
 JSTools==1.0  # CGXP build
 lingua==4.13  # i18n
-Mako==1.0.9  # geoportal
+Mako==1.2.2  # geoportal
 mccabe==0.6.1  # lint
 more-itertools==7.2.0  # fix travis
 mypy==0.700  # lint

diff --git a/npm-cve-ignore b/npm-cve-ignore
@@ -1 +1 @@
-1004967,1006069,1006094,1006100,1006171,1006724,1006883,1006884
+1004967,1006069,1006094,1006100,1006171,1006724,1006883,1006884,1084602