ExoCTK / exoctk

The Exoplanet Characterization Tool Kit
BSD 3-Clause "New" or "Revised" License

Libraries with vulnerabilities should be updated #567

Open chamblee-st opened 1 year ago

chamblee-st commented 1 year ago

The MAST team runs pip-audit to generate a report of libraries that should be updated. These old libraries have documented vulnerabilities that are known to be fixed in a newer version. Attached is the report run on May 12, 2023.

library-validation-short.txt

Updating the libraries in ExoCTK will guard against security vulnerabilities in ExoCTK and will ease integration with Exo.MAST.

You can run pip-audit yourself with:

```shell
cd exoctk
pip install pip-audit
# With no -r/requirements argument, pip-audit audits the packages installed in the active environment
pip-audit --format markdown --output library-validation-short.txt
```

hover2pi commented 1 year ago

Thanks for this snippet @chamblee-st ! I ran it for the release version of v1.2.5 and will leave the results here for future me to update for the v1.2.5.1 release.

Name | Version | ID | Fix Versions
--- | --- | --- | ---
cryptography | 39.0.0 | GHSA-w7pp-m8wf-vj6r | 39.0.1
cryptography | 39.0.0 | GHSA-x4qr-2fvf-3mr5 | 39.0.1
cryptography | 39.0.0 | GHSA-5cpq-8wj7-hf2v | 41.0.0
cryptography | 39.0.0 | GHSA-jm77-qphf-c4w8 | 41.0.3
cryptography | 39.0.0 | GHSA-v8gr-m533-ghj9 | 41.0.4
gitpython | 3.1.32 | PYSEC-2023-161 | 3.1.33
gitpython | 3.1.32 | PYSEC-2023-165 | 3.1.35
jupyter-server | 2.7.1 | PYSEC-2023-155 | 2.7.2
jupyter-server | 2.7.1 | PYSEC-2023-157 | 2.7.2
pillow | 9.4.0 | PYSEC-2023-175 | 10.0.1
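
The markdown report pip-audit writes (the command in the first comment) lists one row per advisory, so a package with several findings appears several times with different fix versions; the table above has cryptography five times with targets from 39.0.1 to 41.0.4. The script below is an added example, not part of the ExoCTK repository or of either comment: it parses that table (embedded as sample input, copied from the comment above) and computes, per package, the lowest version that clears every listed advisory, then emits `>=` pins. It uses only the standard library; the version comparison is a crude numeric key rather than `packaging.version`, and it assumes a fix present in one release is present in all later releases, which holds for a single release line but should be checked against the advisory for packages that maintain several supported branches.

```python
import re
from collections import defaultdict

# Sample input: the pip-audit markdown table posted above for ExoCTK v1.2.5,
# embedded verbatim so this runs offline.
REPORT = """\
Name | Version | ID | Fix Versions
--- | --- | --- | ---
cryptography | 39.0.0 | GHSA-w7pp-m8wf-vj6r | 39.0.1
cryptography | 39.0.0 | GHSA-x4qr-2fvf-3mr5 | 39.0.1
cryptography | 39.0.0 | GHSA-5cpq-8wj7-hf2v | 41.0.0
cryptography | 39.0.0 | GHSA-jm77-qphf-c4w8 | 41.0.3
cryptography | 39.0.0 | GHSA-v8gr-m533-ghj9 | 41.0.4
gitpython | 3.1.32 | PYSEC-2023-161 | 3.1.33
gitpython | 3.1.32 | PYSEC-2023-165 | 3.1.35
jupyter-server | 2.7.1 | PYSEC-2023-155 | 2.7.2
jupyter-server | 2.7.1 | PYSEC-2023-157 | 2.7.2
pillow | 9.4.0 | PYSEC-2023-175 | 10.0.1
"""


def parse_version(v):
    """Crude numeric sort key: '41.0.4' -> (41, 0, 4).

    Assumption: plain dotted releases. Pre/post-release tags would need
    packaging.version, which is deliberately not required here."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def parse_report(text):
    """Return [(name, installed, advisory_id, [fix_versions])] from a pip-audit markdown table.

    The header row, the '---' separator row and non-table lines are skipped.
    An empty Fix Versions cell means pip-audit knows of no fixed release."""
    rows = []
    for line in text.splitlines():
        if "|" not in line:
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 4 or cells[0] == "Name" or set(cells[0]) <= {"-"}:
            continue
        fixes = [f.strip() for f in cells[3].split(",") if f.strip()]
        rows.append((cells[0], cells[1], cells[2], fixes))
    return rows


def upgrade_targets(rows):
    """Per package, the lowest version that clears every advisory.

    Each advisory is satisfied by its lowest listed fix version (any later
    release is assumed to carry the fix too), so the package target is the
    maximum of those per-advisory minimums. Advisories with no fix version
    are returned separately: an upgrade alone cannot close them."""
    targets = {}
    unfixed = defaultdict(list)
    for name, _installed, advisory_id, fixes in rows:
        if not fixes:
            unfixed[name].append(advisory_id)
            continue
        need = min(fixes, key=parse_version)
        current = targets.get(name)
        if current is None or parse_version(need) > parse_version(current):
            targets[name] = need
    return targets, dict(unfixed)


def requirement_lines(targets):
    """Render the targets as sorted requirements-style lower bounds."""
    return sorted(f"{name}>={ver}" for name, ver in targets.items())


if __name__ == "__main__":
    targets, unfixed = upgrade_targets(parse_report(REPORT))
    print("\n".join(requirement_lines(targets)))
    for name, ids in unfixed.items():
        print(f"# {name}: no fixed release listed for {', '.join(ids)}")
```

Run against the table above it prints `cryptography>=41.0.4`, `gitpython>=3.1.35`, `jupyter-server>=2.7.2` and `pillow>=10.0.1`; pinning the lowest of cryptography's five fix versions would leave three advisories open, which is the point of taking the maximum. A JSON report (`--format json`) avoids parsing markdown at all, but the markdown table is what was attached to this issue.
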

nespinoza commented 9 months ago

@mfixstsci is going to have a look at this and bandit.