Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities in the dependent packages for nemogaurdrails package. #49

Closed
koushikv opened this issue Jun 21, 2023 · 2 comments
Closed

Vulnerabilities in the dependent packages for nemogaurdrails package. #49

koushikv opened this issue Jun 21, 2023 · 2 comments
Assignees
@drazvan

Comments

@koushikv
Copy link

Hello,

Firstly thank-you for this great library.
But when i tried to do a pip install I'm seeing some vulnerable packages with high severity level are getting downloaded for example:

Package Name: starlette
Package version: 0.26.1
Issue: it has a high severity vulnerability which was fixed in pater version 0.27.0 or higher
CVE code: SNYK-PYTHON-STARLETTE-5538332

Package Name: requests
Package version: 2.28.2
Issue: it has s medium severity vulnerability which was fixed in 2.31.2
CVE Code: SNYK-PYTHON-REQUESTS-5595532

So wanted to check if there is any plan to upgrade the versions of the above modules to fix the vulnerabilities?

Thanks in advance
@drazvan drazvan self-assigned this Jun 22, 2023
@drazvan
Copy link
Collaborator

drazvan commented Jun 22, 2023

Hi @koushikv! Yes, for the release at the end of this month, we will upgrade the packages you mentioned.

@drazvan
Copy link
Collaborator

drazvan commented Jun 30, 2023

This is now fixed. Thanks again @koushikv for reporting!

@drazvan drazvan closed this as completed Jun 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@drazvan drazvan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@drazvan @koushikv