search

MycroftAI / mycroft-core

Mycroft Core, the Mycroft Artificial Intelligence platform.
https://mycroft.ai
Apache License 2.0
6.48k stars 1.27k forks source link

fix(sec): upgrade psutil to 5.6.7 #3158

Open realize096 opened 9 months ago

realize096 commented 9 months ago

What happened?

There are 1 security vulnerabilities found in psutil 5.6.6

What did I do?

Upgrade psutil from 5.6.6 to 5.6.7 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

devops-mycroft commented 9 months ago

Hello, @realize096, thank you for helping with the Mycroft project! We welcome everyone into the community and greatly appreciate your help as we work to build an AI for Everyone.

To protect yourself, the project, and users of Mycroft technologies we require a Contributor Licensing Agreement (CLA) before accepting any code contribution. This agreement makes it crystal clear that along with your code you are offering a license to use it within the confines of this project. You retain ownership of the code, this is just a license.

Please visit https://mycroft.ai/cla to initiate this one-time signing. Thank you!

devops-mycroft commented 9 months ago

Voight Kampff Integration Test Failed (Results). Mycroft logs are also available: skills.log, audio.log, voice.log, bus.log, enclosure.log