indy-plenum

[Security] remove ujson package (CVE-2022-31116, CVE-2022-31117, CVE-2021-45958)

Open PatStLouis opened this issue 1 year ago • 3 comments

https://security.snyk.io/package/pip/ujson

PatStLouis, Jul 26 '24 14:07

@PatStLouis, please rebase this PR now that your fix for the failed action has been merged. Thanks

WadeBarnes, Jul 30 '24 13:07

@PatStLouis Here are some notes for the remediation process. (image)

crajapakshe, Aug 06 '24 19:08

@crajapakshe pysha3 is a separate package, and we won't likely be able to update this package in a timely manner as there are some breaking changes introduced in >=1.0. Current installations use version 0.2.1.

PatStLouis, Sep 03 '24 17:09