Update the requirements files when correct versions of these packages released #1228

Closed
KSchopmeyer opened this issue Nov 1, 2022 · 0 comments · Fixed by #1229

Comments

@KSchopmeyer (Contributor) commented Nov 1, 2022

This safety issue requires that wheel be updated to 0.38.0. However, that version was yanked because it causes a circular reference. When a version of these packages is released that is correct, the version definitions should be updated to that version.

  1. Safety issue 41499, wheel: the CVE fix in version 0.38.0 was yanked after release.
  2. Safety issue 51457, py: the latest release has this safety issue, i.e. <=1.11.0.

In relation to py, see the following two py issues:

  1. ReDoS vulnerability in svnurl.py pytest-dev/py#287 - ReDoS vulnerability in svnurl.py. This identifies the issue that initiated the CVE.
  2. Plan for dropping/deprecating submodules of py and releasing v2.0 pytest-dev/py#288 - Plan for dropping/deprecating submodules of py and releasing v2.0. This PR shows that there is a serious proposal to create a minimal v2 and drop almost all of py.

QUESTION: is py a real package requirement for pywbemtools today? There is no import, so we do not use it, and it is not clear whether pytest uses it.
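The situation described in this issue, a CVE-fix release that is later yanked, is exactly the case where blindly pinning to the version a scanner names produces a requirement that pip will refuse to resolve. The script below is an added example and is not pywbemtools code or from its requirements tooling. It takes release metadata in the shape of PyPI's `https://pypi.org/pypi/<project>/json` response (each entry in `releases` is a list of file dicts carrying a `yanked` flag and optional `yanked_reason`), lists the yanked releases, and picks the newest final release at or above the fixed version that is not yanked. The release data is constructed inline so it runs offline; the version numbers and yank status in it are illustrative and are not a statement about the real wheel release history. The `>=` requirement line it emits is an assumed convention.

```python
"""Choose a non-yanked release satisfying a minimum (fixed) version.

Added example, not pywbemtools code. Operates on the JSON shape returned by
PyPI's /pypi/<project>/json endpoint; the sample below is constructed so the
script runs offline and does not describe the real wheel release history.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of PyPI's JSON API (illustrative only).
SAMPLE_PYPI_JSON = json.dumps({
    "info": {"name": "wheel"},
    "releases": {
        "0.37.1": [{"filename": "wheel-0.37.1-py2.py3-none-any.whl",
                    "yanked": False}],
        "0.38.0": [{"filename": "wheel-0.38.0-py3-none-any.whl",
                    "yanked": True, "yanked_reason": "circular reference"}],
        "0.38.1": [{"filename": "wheel-0.38.1-py3-none-any.whl",
                    "yanked": False}],
        "0.39.0rc1": [{"filename": "wheel-0.39.0rc1-py3-none-any.whl",
                       "yanked": False}],
    },
})

# Accepts only plain final releases such as "0.38.1". Pre-releases, dev and
# post releases are rejected on purpose: a constraints file should not land
# on them by accident. Use packaging.version for full PEP 440 handling.
_FINAL_RE = re.compile(r"^\d+(?:\.\d+)*$")


def parse_final_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return a comparable tuple for a final release, or None otherwise."""
    if not _FINAL_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def release_is_yanked(files: List[dict]) -> bool:
    """PyPI treats a release as yanked when every one of its files is yanked."""
    return bool(files) and all(f.get("yanked", False) for f in files)


def yanked_releases(pypi_json: str) -> Dict[str, str]:
    """Map each yanked release to the first yank reason given for it."""
    data = json.loads(pypi_json)
    result: Dict[str, str] = {}
    for version, files in data["releases"].items():
        if release_is_yanked(files):
            reasons = [f.get("yanked_reason", "") for f in files]
            result[version] = next((r for r in reasons if r), "")
    return result


def newest_unyanked_at_least(pypi_json: str, fixed_version: str) -> Optional[str]:
    """Newest final, non-yanked release >= fixed_version, or None if none."""
    minimum = parse_final_version(fixed_version)
    if minimum is None:
        raise ValueError(f"fixed version must be a final release: {fixed_version!r}")
    data = json.loads(pypi_json)
    candidates: List[Tuple[Tuple[int, ...], str]] = []
    for version, files in data["releases"].items():
        parsed = parse_final_version(version)
        if parsed is None or parsed < minimum or release_is_yanked(files):
            continue
        candidates.append((parsed, version))
    if not candidates:
        return None
    return max(candidates)[1]


def requirement_line(project: str, version: str) -> str:
    """Assumed convention: a lower-bound pin for a requirements file."""
    return f"{project}>={version}"


if __name__ == "__main__":
    for ver, why in yanked_releases(SAMPLE_PYPI_JSON).items():
        print(f"yanked: {ver} ({why or 'no reason given'})")
    chosen = newest_unyanked_at_least(SAMPLE_PYPI_JSON, "0.38.0")
    if chosen is None:
        print("no usable release yet; keep the issue open")
    else:
        print(requirement_line("wheel", chosen))
```

When the only release at or above the fixed version is yanked, the function returns None rather than falling back to the yanked version, which is the condition this issue is tracking: the requirements files stay as they are until a correct release exists.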

@KSchopmeyer KSchopmeyer changed the title from "Update wheel to correct safety issue 41499" to "Update the requirements files when correct versions of these packages released" Nov 4, 2022
@KSchopmeyer KSchopmeyer self-assigned this Nov 4, 2022
@andy-maier andy-maier added this to the 1.1.0 milestone Nov 8, 2022
@andy-maier andy-maier linked a pull request Nov 8, 2022 that will close this issue