Chaffelson / nipyapi

A convenient Python wrapper for Apache NiFi

Need to use latest pip package to remove lxml CVE, please generate a new stable tag. #263

Closed bhaveshpatelh closed 3 years ago

bhaveshpatelh commented 3 years ago

Description

Need to use the latest tag from pip. Can you generate the latest tag, since the older lxml had CVEs? It seems lxml has been upgraded, but the release tag has not been generated: https://github.com/Chaffelson/nipyapi/pull/252/files

What I Did

Using Dependabot, we got to know about this CVE: "Bump lxml from 4.1.0 to 4.6.2", https://github.com/advisories/GHSA-pgww-xf46-h92r

Urgency

High, since we have started using this package and need to remove this CVE.

bhaveshpatelh commented 3 years ago

@Chaffelson Since it's a moderate severity, please check this out.

Chaffelson commented 3 years ago

Hey, sorry for the delay - v0.16.2 pushed today, please let me know if it doesn't do the job for you.

On Mon, Feb 8, 2021 at 3:12 PM Bhavesh Patel notifications@github.com wrote:

> @Chaffelson Since it's a moderate severity, please check this out.


bhaveshpatelh commented 3 years ago

Thanks! This is resolved with the release v0.16.2