Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

feat(kubeflow-pipelines-visualization-server): pending upstream fix GHSA-h95x-26f3-88hr #8661

Merged
merged 1 commit into from
Oct 14, 2024
Merged

feat(kubeflow-pipelines-visualization-server): pending upstream fix GHSA-h95x-26f3-88hr #8661

merged 1 commit into from
Oct 14, 2024
+4 −0

Conversation

philroche
Copy link
Member

Marking as pending upstream fix:

There is not currently a fixed version of the js2py package. So, the upstream project must migrate away from using js2py or wait for js2py to release a fixed version (and upgrade to it). Upstream PR @ PiotrDabkowski/Js2Py#323 which is yet to be merged.

This follows on from the same advisory filed for apache-beam-python-3.11-sdk @ https://github.com/chainguard-dev/enterprise-advisories/pull/5130

Signed-off-by: philroche phil.roche@chainguard.dev

@philroche
feat(kubeflow-pipelines-visualization-server): pending upstream fix G…
f740b95 
…HSA-h95x-26f3-88hr

Marking as pending upstream fix:

> There is not currently a fixed version of the js2py package. So, the upstream project must migrate away from using js2py or wait for js2py to release a fixed version (and upgrade to it). Upstream PR @ PiotrDabkowski/Js2Py#323 which is yet to be merged.

This follows on from the same advisory filed for apache-beam-python-3.11-sdk @ chainguard-dev/enterprise-advisories#5130

Signed-off-by: philroche <phil.roche@chainguard.dev>
@philroche philroche marked this pull request as ready for review October 14, 2024 15:21
@philroche philroche added this pull request to the merge queue Oct 14, 2024
Merged via the queue into wolfi-dev:main with commit da3609c Oct 14, 2024
7 checks passed
@philroche philroche deleted the feature/cve-GHSA-h95x-26f3-88hr-kubeflow-pipelines-visualization-server branch October 14, 2024 19:04
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mamccorm mamccorm mamccorm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@philroche @mamccorm