chatgpt-retrieval-plugin

[Vulnerability] Upgrade packages to resolve security vulnerability

Open raghu017 opened this issue 2 years ago • 1 comment

Vulnerability updates

  • Bump aiohttp from 3.8.4 to 3.8.5 - aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
  • Bump certifi from 2023.5.7 to 2023.7.22 - Removal of e-Tugra root certificate
  • Bump cryptography from 41.0.1 to 41.0.3 - cryptography mishandles SSH certificates
  • Bump langchain from 0.0.188 to 0.0.264 - langchain Code Injection vulnerability

Enhancement

  • Bump Uvicorn from 0.20.0 to 0.22.0 - Latest Uvicorn has a feature to specify a timeout when shutdown doesn't complete: https://www.uvicorn.org/settings/#timeouts

raghu017 Aug 14 '23 20:08
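A check for whether a set of exact pins still sits below the patched versions listed in the issue above. This is an added example, not code from the issue or from the project; the floors are the "to" versions from the vulnerability list, and the sample pins, the requirements.txt-style `name==version` format, and the function names are assumptions made for illustration.

```python
import re

# Patched floors: the "to" versions from the issue's "Vulnerability updates" list.
PATCHED_FLOORS = {
    "aiohttp": "3.8.5",
    "certifi": "2023.7.22",
    "cryptography": "41.0.3",
    "langchain": "0.0.264",
}

# Constructed sample pins (requirements.txt style); not the project's real file.
SAMPLE_PINS = """\
aiohttp==3.8.4
Certifi==2023.7.22
cryptography[ssh]==41.0.1 ; python_version >= "3.8"
langchain==0.0.264
uvicorn==0.20.0
requests>=2.0
"""

PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)")

def normalize(name):
    """PEP 503 name normalization so 'Certifi' and 'certifi' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """Numeric release segments only (pre-release suffixes are ignored); 3.8 == 3.8.0."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def find_unpatched(text, floors=PATCHED_FLOORS):
    """Return {package: (pinned, floor)} for exact pins below the patched floor."""
    floors = {normalize(k): v for k, v in floors.items()}
    findings = {}
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if not m:
            continue  # comments, blank lines and non-exact specifiers are skipped
        name, pinned = normalize(m.group(1)), m.group(2)
        floor = floors.get(name)
        if floor and release_tuple(pinned) < release_tuple(floor):
            findings[name] = (pinned, floor)
    return findings

if __name__ == "__main__":
    for pkg, (pinned, floor) in sorted(find_unpatched(SAMPLE_PINS).items()):
        print(f"{pkg}: pinned {pinned} is below patched {floor}")
```

Range specifiers such as `>=` are skipped rather than evaluated, so run it against a fully resolved pin list.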

@isafulf will you review please? Also, what do you think about installing dependabot on this? I can send out a PR for it if you'd like.

vicondoa Aug 30 '23 15:08