dimaqq
commented
3 months ago Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
🤣
Open fabaff opened 3 months ago
dimaqq
commented
3 months ago Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
🤣
ojii
commented
3 months ago how is this relevant? we run black on our own code, not untrusted input. it's not part of the actual package and only used in development.
also, if I were to touch how we do code-formatting, I'd just switch to ruff.
Just to be sure not to be affected by CVE-2024-21503