Tweak pywin32 vers #2955
Tweak pywin32 vers #2955
Conversation
jmackay-godaddy
requested review from
aiordache and
ulyssessouza
as code owners
…, and use the 3.x version if appropriate Signed-off-by: Jason Mackay <jmackay@godaddy.com>
Signed-off-by: Jason Mackay <jmackay@godaddy.com>
jmackay-godaddy
force-pushed
the
tweak_pywin32_vers
branch
from
5d825a4
to
da41397
Compare
|
@jmackay-godaddy I think this PR duplicates #2943 more or less |
Sure if you dont care about python 2 support go ahead use the other PR. This version retains Python2 support. |
|
As the author of #2943 I'm fine with this. Not generally in favor of keeping Python 2 around any longer, but this might make sense for most people. |
|
Hi! Thanks so much for your PR and apologies for the delay in review. A fix for this has been merged and we're planning to issue a new release containing it soon. For context, changes similar to yours were done in #3004 to address some CI changes in the repo, which blocked merging of your PR as-is, and given the delay on this, we wanted to be respectful of our contributor's time and not require you to rebase + re-review. |
The library
pywin32is being flagged by GitHub Dependabot with an integer overflow vulnerability which can be used by an attacker to crash the process in question.docker-pyhas a conditional dependency on the fixed version227of this library. This PR upgrades that to 228 for python2 users and upgrades to 301 (which fixes the security issue) for python3 users.