awx icon indicating copy to clipboard operation
awx copied to clipboard

Published 20 hours ago verified publisher icon ansible

fix(sec): upgrade gitpython to 3.1.35

Open dack-su opened this issue 1 year ago • 1 comments

What happened?

There are 1 security vulnerabilities found in gitpython 3.1.32

What did I do?

Upgrade gitpython from 3.1.32 to 3.1.35 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

dack-su avatar Oct 07 '23 09:10 dack-su

Thank you for the contribution. A couple additional changes need to be made to update the requirements. You can read how to update the requirements here https://github.com/ansible/awx/blob/devel/requirements/README.md. In the future if you come across another security issue here is how to report https://github.com/ansible/awx/blob/devel/SECURITY.md.

jessicamack avatar Oct 11 '23 19:10 jessicamack

I assume this can be closed, as GitPython has already been updated to 3.1.37 via #14925

cigamit avatar Mar 12 '24 06:03 cigamit