Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security] remove ujson package (CVE-2022-31116, CVE-2022-31117, CVE-2021-45958) #1676

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

PatStLouis
Copy link
Contributor

Signed-off-by: pstlouis <[email protected]>
@PatStLouis PatStLouis requested a review from a team as a code owner July 26, 2024 14:32
@WadeBarnes
Copy link
Member

@PatStLouis, Please rebase this PR now that your fix for the failed action has been merged. Thanks

@crajapakshe
Copy link

@PatStLouis Here is the some notes for remediation process.
image

@PatStLouis
Copy link
Contributor Author

@crajapakshe pysha3 is a separate package, and we won't likely be able to update this package in a timely manner as there is some breaking changes introduced in >=1.0. Current installations use version 0.2.1.

@PatStLouis PatStLouis changed the title [Security] Bump ujson to 5.4.0 [Security] remove ujson package (CVE-2022-31116, CVE-2022-31117, CVE-2021-45958) Sep 13, 2024
Signed-off-by: pstlouis <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants