Fix LXML vulnerabilities and upgrade python-dateutil and selenium

ELDAELRA / ELRI

ELRI National Relay Station (fork of the ELRC-SHARE repository)

Other

2 stars 6 forks source link

Fix LXML vulnerabilities and upgrade python-dateutil and selenium #60

Closed tetchegoyhen closed 5 years ago

tetchegoyhen commented 5 years ago

The current version of lxml (4.1.1) has the following vulnerabilities:

CVE-2018-19787
CVE-2014-3146 lxml should be upgraded to 4.2.5 or higher.

The following dependencies should be upgraded to higher versions as well:

python-dateutil 2.4.2 --> 2.6.1
selenium 2.52.0 --> 3.141.0

jcorteslinkare commented 5 years ago

Updating requirements.txt of the django docker image (it will go with the next commit):

python-dateutil==2.6.1 selenium==3.141.0

tetchegoyhen commented 5 years ago

Hi Joao,

Eva already had already checked locally that everything works with the upgrades and was planning on pushing the changes in the next commit. We are still awaiting SEAD's feedback on our assessment of the vulnerabilities to push version upgrade changes.

Thanks,

Thierry

jcorteslinkare commented 5 years ago

Ok, i noted that there is a requirements.txt at the main project page (i will make the docker get this one instead).

emartinezvic commented 5 years ago

closed by 5bd9063