Minor bug fix. #323

Open. Marven11 wants to merge 1 commit into base: master

Marven11 commented Mar 1, 2024

No description provided.

Jamim commented Jun 24, 2024

Hello @PiotrDabkowski,

It turns out, this isn't just a minor bug fix. It fixes CVE-2024-28397.
Would you mind merging it?

Thanks!

Marven11 (Author)

I've mailed him several times telling him this is the fix for the CVE since I found it. Maybe he's busy, or maybe he forgot, or is ignoring everything. We can only wait for now.

bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Jul 1, 2024
https://build.opensuse.org/request/show/1184231
by user dgarcia + dimstar_suse
- Add CVE-2024-28397.patch upstream patch.
  (bsc#1226660, gh#PiotrDabkowski/Js2Py#323)
- Run tests
- Add patches:
  * remove-python-six.patch, to remove python-six dependency
  * python312.patch, to make it compatible with python312

philroche added a commit to philroche/advisories that referenced this pull request Oct 14, 2024
…HSA-h95x-26f3-88hr

Marking as pending upstream fix:

> There is not currently a fixed version of the js2py package. So, the upstream project must migrate away from using js2py or wait for js2py to release a fixed version (and upgrade to it). Upstream PR @ PiotrDabkowski/Js2Py#323 which is yet to be merged.

This follows on from the same advisory filed for apache-beam-python-3.11-sdk @ chainguard-dev/enterprise-advisories#5130

Signed-off-by: philroche <phil.roche@chainguard.dev>

github-merge-queue bot pushed a commit to wolfi-dev/advisories that referenced this pull request Oct 14, 2024
…HSA-h95x-26f3-88hr (#8661)

Marking as pending upstream fix:

> There is not currently a fixed version of the js2py package. So, the upstream project must migrate away from using js2py or wait for js2py to release a fixed version (and upgrade to it). Upstream PR @ PiotrDabkowski/Js2Py#323 which is yet to be merged.

This follows on from the same advisory filed for apache-beam-python-3.11-sdk @ chainguard-dev/enterprise-advisories#5130

Signed-off-by: philroche <phil.roche@chainguard.dev>