adriangb / scikeras

Scikit-Learn API wrapper for Keras.
https://www.adriangb.com/scikeras/
MIT License

SecOps: Security issues found with gRPC lib #306

Closed cristian-rincon closed 11 months ago

cristian-rincon commented 11 months ago

Hi,

I'm using Blackduck to get insights about security issues with FOSS libs we are about to use, and we've found these issues after installing your lib:

- Vulnerability CVE-2023-32732 found in gRPC lib
- Vulnerability CVE-2023-32731 found in gRPC lib
- Vulnerability CVE-2023-1428 found in gRPC lib

Do you have any workaround or planned work to fix them?

Thanks in advance

cristian-rincon commented 11 months ago

Adding @dggarciam to seek this issue

adriangb commented 11 months ago

It's an upstream issue: https://github.com/grpc/grpc/issues/31492

adriangb commented 11 months ago

I just made a new release removing the pin. FWIW it also only ever applied to M1 Macs.

cristian-rincon commented 11 months ago

Hi, I just wanted to let you know that your release pipeline failed: https://github.com/adriangb/scikeras/blob/master/pyproject.toml

As a result, your fix was not published to PyPI.

adriangb commented 11 months ago

I am aware