astro-sdk icon indicating copy to clipboard operation
astro-sdk copied to clipboard

Published 20 hours ago verified publisher icon astronomer

Restrict protobuf to <3.20 due to denial of service issue with version >=3.20.0, <3.20.2

Open pankajkoti opened this issue 3 years ago • 1 comments
trafficstars

We're alerted by Dependabot for the below security issue and hence we need to restrict protobuf version to <3.20.

Screenshot from 2022-10-14 16-34-57

pankajkoti avatar Oct 14 '22 15:10 pankajkoti

Codecov Report

Base: 95.71% // Head: 95.71% // No change to project coverage :thumbsup:

Coverage data is based on head (6e1e020) compared to base (8a544fa). Patch has no changes to coverable lines.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1071   +/-   ##
=======================================
  Coverage   95.71%   95.71%           
=======================================
  Files          19       19           
  Lines         677      677           
  Branches       68       68           
=======================================
  Hits          648      648           
  Misses         18       18           
  Partials       11       11

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

codecov[bot] avatar Oct 14 '22 16:10 codecov[bot]

@pankajkoti any reason why we didn't merge this? Does it still make sense...? Should we rebase/merge or close it?

tatiana avatar Nov 22 '22 10:11 tatiana

We're no longer seeing this issue on main. So closing for now. If we see this again, we will reopen it.

pankajkoti avatar Nov 24 '22 12:11 pankajkoti