New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated Pygments to 2.7.4 #6770
Conversation
https://github.com/cms-sw/cmsdist/security/dependabot/pip/requirements.txt/Pygments/open CVE-2021-27291 Vulnerable versions: >= 1.1, < 2.7.4 Patched version: 2.7.4 In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
please test |
A new Pull Request was created by @smuzaffar (Malik Shahzad Muzaffar) for branch IB/CMSSW_11_3_X/master. @smuzaffar, @mrodozov can you please review it and eventually sign? Thanks. |
-1 Summary: https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-6ce2a9/13844/summary.html External BuildI found compilation error when building: File "/data/cmsbld/jenkins/workspace/ib-run-pr-tests/testBuildDir/slc7_amd64_gcc900/external/py2-pip/9.0.3-ljfedo/lib/python2.7/site-packages/pip/req/req_set.py", line 666, in _prepare_file check_dist_requires_python(dist) File "/data/cmsbld/jenkins/workspace/ib-run-pr-tests/testBuildDir/slc7_amd64_gcc900/external/py2-pip/9.0.3-ljfedo/lib/python2.7/site-packages/pip/utils/packaging.py", line 57, in check_dist_requires_python '.'.join(map(str, sys.version_info[:3])),) UnsupportedPythonVersion: Pygments requires Python '>=3.5' but the running Python is 2.7.15 error: Bad exit status from /data/cmsbld/jenkins/workspace/ib-run-pr-tests/testBuildDir/tmp/rpm-tmp.yLEpHB (%build) RPM build errors: Macro %rpmbuild_libdir defined but not used within scope Bad exit status from /data/cmsbld/jenkins/workspace/ib-run-pr-tests/testBuildDir/tmp/rpm-tmp.yLEpHB (%build) |
please test |
Pull request #6770 was updated. |
-1 Summary: https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-6ce2a9/14014/summary.html External BuildI found compilation warning when building: See details on the summary page. |
please test |
Pull request #6770 was updated. |
-1 Summary: https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-6ce2a9/14016/summary.html External BuildI found compilation warning when building: See details on the summary page. |
8771c74
to
3c69ea8
Compare
please test |
Pull request #6770 was updated. |
-1 Failed Tests: UnitTests Unit TestsI found errors in the following unit tests: ---> test import-hyperas had ERRORS ---> test import-ipykernel had ERRORS ---> test import-ipywidgets had ERRORS ---> test import-jupyter had ERRORS and more ... Comparison SummarySummary:
|
please test with cms-sw/cmssw#33473 |
+1 Summary: https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-6ce2a9/14327/summary.html Comparison SummarySummary:
|
+externals |
This pull request is fully signed and it will be integrated in one of the next IB/CMSSW_12_0_X/master IBs (tests are also fine). This pull request will now be reviewed by the release team before it's merged. @silviodonato, @dpiparo, @qliphy (and backports should be raised in the release meeting by the corresponding L2) |
merge |
there is a cmssw PR to go before this :D |
ah ok it's merged |
https://github.com/cms-sw/cmsdist/security/dependabot/pip/requirements.txt/Pygments/open