Open chamblee-st opened 1 year ago
Thanks for this snippet @chamblee-st! I ran it for the release version of v1.2.5 and will leave the results here for future me to update for the v1.2.5.1 release.
Name | Version | ID | Fix Versions
--- | --- | --- | ---
cryptography | 39.0.0 | GHSA-w7pp-m8wf-vj6r | 39.0.1
cryptography | 39.0.0 | GHSA-x4qr-2fvf-3mr5 | 39.0.1
cryptography | 39.0.0 | GHSA-5cpq-8wj7-hf2v | 41.0.0
cryptography | 39.0.0 | GHSA-jm77-qphf-c4w8 | 41.0.3
cryptography | 39.0.0 | GHSA-v8gr-m533-ghj9 | 41.0.4
gitpython | 3.1.32 | PYSEC-2023-161 | 3.1.33
gitpython | 3.1.32 | PYSEC-2023-165 | 3.1.35
jupyter-server | 2.7.1 | PYSEC-2023-155 | 2.7.2
jupyter-server | 2.7.1 | PYSEC-2023-157 | 2.7.2
pillow | 9.4.0 | PYSEC-2023-175 | 10.0.1
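
Added example, not part of the original thread or the ExoCTK code: a short Python script that reduces the table above to one upgrade target per package, i.e. the lowest version that clears every listed advisory. It assumes the pipe-delimited layout shown above, plain dotted numeric versions, and that several fix versions in one cell are comma-separated; the function names are hypothetical.

```python
# Added example: derive the minimum upgrade target per package from a
# pip-audit table. The rows are copied from the table in this thread.
REPORT = """\
Name | Version | ID | Fix Versions
--- | --- | --- | ---
cryptography | 39.0.0 | GHSA-w7pp-m8wf-vj6r | 39.0.1
cryptography | 39.0.0 | GHSA-x4qr-2fvf-3mr5 | 39.0.1
cryptography | 39.0.0 | GHSA-5cpq-8wj7-hf2v | 41.0.0
cryptography | 39.0.0 | GHSA-jm77-qphf-c4w8 | 41.0.3
cryptography | 39.0.0 | GHSA-v8gr-m533-ghj9 | 41.0.4
gitpython | 3.1.32 | PYSEC-2023-161 | 3.1.33
gitpython | 3.1.32 | PYSEC-2023-165 | 3.1.35
jupyter-server | 2.7.1 | PYSEC-2023-155 | 2.7.2
jupyter-server | 2.7.1 | PYSEC-2023-157 | 2.7.2
pillow | 9.4.0 | PYSEC-2023-175 | 10.0.1
"""

def vkey(version):
    """Numeric sort key, so that 10.0.1 orders after 9.4.0."""
    return tuple(int(part) for part in version.split("."))

def parse_rows(report):
    """Yield (name, installed, advisory_id, [fix versions]) per data row."""
    for line in report.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 4 or cells[0] == "Name" or set(cells[0]) <= {"-", ":"}:
            continue  # header, separator, or not a table row
        name, installed, adv, fixes = cells
        yield name, installed, adv, [f.strip() for f in fixes.split(",") if f.strip()]

def upgrade_targets(report):
    """Map package -> (installed, target); target is None if any advisory lacks a fix."""
    targets = {}
    for name, installed, adv, fixes in parse_rows(report):
        newer = [f for f in fixes if vkey(f) > vkey(installed)]
        fix = min(newer, key=vkey) if newer else None  # nearest fix for this advisory
        prev = targets.get(name, (installed, installed))[1]
        if fix is None or prev is None:
            targets[name] = (installed, None)
        else:
            targets[name] = (installed, max(prev, fix, key=vkey))
    return targets

if __name__ == "__main__":
    for pkg, (have, need) in upgrade_targets(REPORT).items():
        print(f"{pkg}: {have} -> {need or 'no fix listed'}")
```
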
@mfixstsci is going to have a look at this and bandit.
The MAST team runs pip-audit to generate a report of libraries that should be updated. These old libraries have documented vulnerabilities that are known to be fixed in a newer version. Attached is the report run on May 12, 2023.
library-validation-short.txt
Updating the libraries in ExoCTK will guard against security vulnerabilities in ExoCTK and will ease integration with Exo.MAST.
You can run pip-audit yourself with: