calgo-lab / green-db

The monorepo that powers the GreenDB.
https://calgo-lab.github.io/green-db/

Security incident in `scrapy >= 2.0.0, < 2.6.0` #38

Closed se-jaeger closed 2 years ago

se-jaeger commented 2 years ago

Currently, we face a moderate security incident. Luckily it's already fixed in `scrapy >=2.6.0`.

Since this one is fixed (https://github.com/EasyPi/docker-scrapyd/issues/1), we can use the new Docker tag `1.3.0-2.6.1` to solve this issue.

Simply set it here: https://github.com/calgo-lab/green-db/blob/44701ba08ded21af08b066a1a3b6ed3b99cb6cde/scraping/Dockerfile#L1-L2 and update the package dependencies.

se-jaeger commented 2 years ago

Make sure the new versions use `twisted >=22.2.0`, because earlier versions also have vulnerabilities.
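A quick way to confirm that the rebuilt image actually carries the fixed versions is to run `pip freeze` inside it and check the pins against the two ranges named in this issue (`scrapy >= 2.0.0, < 2.6.0` and `twisted < 22.2.0`). The script below is an added example, not code from the green-db repository or the docker-scrapyd image; the `pip freeze` sample is constructed for illustration, and the version parser deliberately ignores pre-release suffixes, which is sufficient for a release-to-release comparison like this one.

```python
import re
import sys
from typing import Dict, List, Optional, Tuple

# Vulnerable ranges as stated in this issue. Each entry is
# (inclusive lower bound or None, exclusive upper bound); the upper bound
# is also the minimum fixed version to upgrade to.
VULNERABLE_RANGES: Dict[str, Tuple[Optional[str], str]] = {
    "scrapy": ("2.0.0", "2.6.0"),
    "twisted": (None, "22.2.0"),
}

# Constructed sample of `pip freeze` output (not the project's real lock file),
# pinned to versions that fall inside both vulnerable ranges.
SAMPLE_FREEZE = """\
attrs==21.4.0
Scrapy==2.5.1
Twisted==22.1.0
zope.interface==5.4.0
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '22.2.0' or '2.6.1rc1' into a 3-tuple of leading numeric components.

    Pre-release tags are dropped and missing components padded with 0, so
    '2.6' compares equal to '2.6.0'. Good enough for comparing release numbers.
    """
    parts: List[int] = []
    for component in version.split("."):
        m = re.match(r"\d+", component)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_freeze(text: str) -> Dict[str, str]:
    """Map normalised package name -> pinned version from `pip freeze` lines.

    Names are lower-cased with '_' folded to '-' so 'Scrapy' matches 'scrapy'.
    Lines without an exact '==' pin (editable installs, comments) are skipped.
    """
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)", line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def vulnerable_pins(pins: Dict[str, str]) -> List[str]:
    """Return one finding per pinned package that sits inside a vulnerable range."""
    findings: List[str] = []
    for name, (lower, upper) in VULNERABLE_RANGES.items():
        if name not in pins:
            continue
        installed = parse_version(pins[name])
        above_lower = lower is None or installed >= parse_version(lower)
        if above_lower and installed < parse_version(upper):
            findings.append(f"{name}=={pins[name]} is vulnerable; upgrade to >={upper}")
    return findings


if __name__ == "__main__":
    # Usage: run `pip freeze` inside the built image and pipe it in; with no
    # piped input the constructed sample is checked instead.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_FREEZE
    problems = vulnerable_pins(parse_freeze(text))
    print("\n".join(problems) if problems else "no vulnerable pins found")
    sys.exit(1 if problems else 0)
```

The non-zero exit status makes the check usable as a CI gate after the Dockerfile tag bump, so a future dependency update that silently pulls an older Twisted is caught before the image ships.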