[Vulnerability] Reporting a security vulnerability due to Gunicorn version being used

Open srhrshr opened this issue 1 year ago • 0 comments

Is this a new bug?

  • [X] I believe this is a new bug
  • [X] I have searched the existing issues, and I could not find an existing issue for this bug

Current Behavior

Hello!

The latest version of canopy 0.9.0 depends upon the package gunicorn==21.2.0 that is reported to be vulnerable. We would like this to be patched at the earliest for our security and compliance requirements.

Looks like the last package release was in March 2024, so we'd like to see if it's on your roadmap for the next release, or do you think it's better to submit a PR for this ourselves?

Expected Behavior

The fix is to upgrade the gunicorn version to at least 22.0.0.

Steps To Reproduce

N/A

Relevant log output

No response

Environment

N/A

Additional Context

No response

srhrshr, Oct 21 '24 23:10
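A way to check a requirements-style dependency list for the pin this issue reports, as an added example that is not part of the original issue or the canopy project. The 22.0.0 floor comes from the issue; the function name `audit`, the status labels and the sample lines are assumptions made for illustration.

```python
import re

FLOOR = (22, 0, 0)  # minimum gunicorn version named in the issue

# First token on the line is the distribution name.
_NAME = re.compile(r"^\s*([A-Za-z0-9._-]+)")
# Name, optional extras, then an exact numeric '==' pin followed by space or end.
_PIN = re.compile(
    r"^\s*[A-Za-z0-9._-]+\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)(?=\s|$)"
)

def _norm(name):
    # PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' are equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def _ver(text):
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad '21.2' to (21, 2, 0)

def audit(lines, package="gunicorn", floor=FLOOR):
    """Return (line_no, status, text) for every line naming `package`.

    status: 'below-floor' for an exact pin under the floor, 'ok' for an exact
    pin at or above it, 'unverified' for ranges, wildcards and pre-releases,
    which this check cannot resolve to a single version.
    """
    findings = []
    for n, raw in enumerate(lines, 1):
        # Drop comments and environment markers before matching.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line or line.startswith("-"):  # blank line or pip option
            continue
        m = _NAME.match(line)
        if not m or _norm(m.group(1)) != package:
            continue
        pin = _PIN.match(line)
        if pin is None:
            status = "unverified"
        else:
            status = "below-floor" if _ver(pin.group(1)) < floor else "ok"
        findings.append((n, status, raw.strip()))
    return findings

# Constructed sample input, not taken from the canopy repository.
SAMPLE = [
    "# constructed requirements file",
    "requests==2.31.0",
    "Gunicorn[gevent]==21.2.0 ; python_version >= '3.9'  # pin from the issue",
    "gunicorn>=21.2.0",
    "gunicorn==22.0.0 --hash=sha256:<placeholder>",
]

if __name__ == "__main__":
    for n, status, text in audit(SAMPLE):
        print(f"line {n}: {status}: {text}")
```

An `unverified` result means the installed version depends on the resolver, so confirm it in the built environment, for example with `pip show gunicorn`.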