update dependencies to fix various high/critical security vulnerabilities #1083
@@ -1,41 +1,41 @@ | |||
FROM python:3.10 as base | |||
FROM python:3.10 AS base |
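Review bot: `FROM python:3.10 AS base` still references a floating tag, so the base layer and the OS packages it ships can change between builds independently of the dependency pins updated in this PR. Consider pinning the base image to a specific patch release or to a digest so that image scan results stay reproducible from one build to the next. The keyword casing change itself looks fine.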
fixes warnings on docker build:

```
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 1) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 10) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 14) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 18) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 22) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 26) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 30) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 34) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 40)
```
thanks.

deployed to

@mrT23 when can we expect a new tagged version to be released?

in 2-3 weeks. for example in github action:

wonderful, thank you!
User description
The vulnerability scan results below are from the scan of the 0.24-github_app docker image, but I believe they would apply to most versions of the image.
PR Type
Bug fix, Dependencies
Description
- `setuptools` version requirement in `pyproject.toml` from `>=61.0` to `>=70.0`.
- `aiohttp` version from `3.9.1` to `3.9.2` to fix a high-severity security vulnerability (CVE-2024-23334).
- `GitPython` version from `3.1.32` to `3.1.41`.
- `gunicorn` version from `20.1.0` to `22.0.0`.

Changes walkthrough 📝

- pyproject.toml: Update `setuptools` version requirement in `pyproject.toml`
  - `setuptools` version requirement from `>=61.0` to `>=70.0`.
- requirements.txt: Update dependencies to address security vulnerabilities
  - `aiohttp` version from `3.9.1` to `3.9.2`.
  - `GitPython` version from `3.1.32` to `3.1.41`.
  - `gunicorn` version from `20.1.0` to `22.0.0`.