This Pull Request addresses a security concern related to the use of the deprecated tempfile.mktemp() function, which is known to be insecure due to its susceptibility to race conditions that can lead to temporary file vulnerabilities, as described in CWE-377.
Changes Made
Replaced tempfile.mktemp() with tempfile.mkstemp() in metaflow/_vendor/click/_termui_impl.py. tempfile.mkstemp() securely creates a temporary file by returning both a file descriptor and a path, which significantly minimizes the risk of file-based race conditions.
Description
This Pull Request addresses a security concern related to the use of the deprecated tempfile.mktemp() function, which is known to be insecure due to its susceptibility to race conditions that can lead to temporary file vulnerabilities, as described in CWE-377.
Changes Made