Metadata regression: GHSA-887w-45rq-vxgf is not fixed in sqlalchemy v1.2.x

[jayaddison]

Hello,

I think that the affected/fixed version metadata for GHSA-887w-45rq-vxgf partially regressed in commit 41214dc.

That commit introduced a more-precise fix version of sqlalchemy version 1.3.0b3 (containing sqlalchemy/sqlalchemy@30307c4) -- but it also indicated that version 1.2.18 of sqlalchemy contains the fix, and that is not true.

I found this while reading pull request #7486 that corrects the metadata.

Thanks,
James

[taladrane]

We've merged the changes, thanks for letting us know!

Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!