[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

kenmoini · 2023-10-30T14:36:42Z

Describe the request
The current pinned version of setuptools in requirements.txt is vulnerable to a RegExDoS as defined here in this CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-40897

Current behaviour
It works, though container image scans produce High impact rating vulnerability reports.

Expected behaviour
Pass container image scans when included in an execution environment.

The text was updated successfully, but these errors were encountered:

bhati-pradeep · 2023-11-17T11:39:16Z

I believe it was fixed by setuptools in : pypa/setuptools#3659
Assigning to @Gevorg-Khachatryan-97

kenmoini added the enhancement New feature or request label Oct 30, 2023

kenmoini assigned alaa-bish, Gevorg-Khachatryan-97 and premkarat Oct 30, 2023

bhati-pradeep added the 1.9.2 label Nov 9, 2023

bhati-pradeep assigned bhati-pradeep and unassigned premkarat, alaa-bish and Gevorg-Khachatryan-97 Nov 9, 2023

bhati-pradeep added this to To do in 1.9.2 Nov 16, 2023

Gevorg-Khachatryan-97 linked a pull request Nov 17, 2023 that will close this issue

update requirements #438

Open

Gevorg-Khachatryan-97 moved this from To do to Ready for review in 1.9.2 Nov 17, 2023

bhati-pradeep assigned Gevorg-Khachatryan-97 and unassigned bhati-pradeep Nov 17, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

kenmoini commented Oct 30, 2023

bhati-pradeep commented Nov 17, 2023

[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

Comments

kenmoini commented Oct 30, 2023

bhati-pradeep commented Nov 17, 2023