blackducksoftware / hub-rest-api-python

HUB REST API Python bindings
Apache License 2.0
89 stars 104 forks

A new release is needed to pick up dependabot fixes for CVE-2023-32681 #257

Closed andy778 closed 4 months ago

andy778 commented 9 months ago

I noticed I had a defect in my software, CVE-2023-32681, that is fixed in requests 2.31.0; that was updated here by Dependabot, but there has been no release after that. So this exists in blackduck 1.1.0 when one installs it with pip.

OffBy0x01 commented 8 months ago

I'll pick this up tomorrow evening.

andy778 commented 7 months ago

Status?

andy778 commented 4 months ago

It would be good to add the Scorecard badge to this project (https://securityscorecards.dev/), as then this root cause will be more visible.

OffBy0x01 commented 4 months ago

https://pypi.org/project/blackduck/1.1.3/