-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Snyk Finding for python "future" package #4145
Comments
For whoever picks this up, my speculative judgement on this makes me believe we are not vulnerable since It just good due diligence to fix this, but I can't say I'm up for the job right now. |
Without removing the 100s references, The minimum thing we can do is adding a condition for the all the |
I think adding the condition is counter-intuitive for what future is supposed to do. |
Adding the condition will make sure |
RP submitted to remove But then, future is patched, https://pypi.org/project/future/0.18.3/ |
Patched and deployed to catalog. |
Please keep any sensitive details in Google Drive.
Date of report: 01/03/2023
Severity: High
Due date: 02/03/2023
Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.
* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.
Brief description
The text was updated successfully, but these errors were encountered: