chdsbd / kodiak

🔮 A bot to automatically update and merge GitHub PRs
https://kodiakhq.com
GNU Affero General Public License v3.0

CVE-2022-29217 #821

Open StephenRadachy opened 2 years ago

StephenRadachy commented 2 years ago

Upgrade PyJWT-1.7.1-py2.py3-none-any.whl: https://nvd.nist.gov/vuln/detail/CVE-2022-29217

chdsbd commented 2 years ago

I don't think Kodiak is affected by this issue because Kodiak specifies the JWT algorithm: https://cs.github.com/chdsbd/kodiak/blob/cd699e620e88dd5725ec455c418c70902b7660a1/bot/kodiak/queries/__init__.py?q=jwt#L1320

But like these other vulnerabilities, I'd welcome a PR to update the package.
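As an added illustration of the reasoning in the comment above (this is example code written here, not Kodiak's code and not PyJWT's API): a verifier that pins the signing algorithm from the key it holds, and only consults the token header to confirm a match, cannot be steered into a different algorithm by whatever the token claims. The HMAC secret, token builder and `verify_pinned`/`check` helpers below are all constructed for the demo; only HS256 verification is implemented, which is enough to show the check happening before any key material is used.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret for the example; not a key from any real system.
DEMO_SECRET = b"demo-hmac-secret-not-real"


def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_hs256_token(payload: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT; used only to produce sample input for the demo."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
        for obj in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


class InvalidToken(Exception):
    pass


def verify_pinned(token: str, key: bytes, expected_alg: str) -> dict:
    """Verify a JWT, refusing any 'alg' other than the one the key was issued for.

    The caller fixes expected_alg from the key type it holds (an HMAC secret in
    this demo). The token header is checked against it but never chooses the
    verification routine, so a token cannot downgrade or swap the algorithm.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise InvalidToken("token must have exactly three segments")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != expected_alg:
        # Algorithm pinning: reject before the key is used for anything.
        raise InvalidToken(
            f"alg {header.get('alg')!r} not allowed, expected {expected_alg!r}"
        )
    if expected_alg != "HS256":
        raise InvalidToken("this demo only implements HS256 verification")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected_sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise InvalidToken("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def check(token: str, key: bytes, expected_alg: str) -> bool:
    """True if the token verifies under the pinned algorithm, False otherwise."""
    try:
        verify_pinned(token, key, expected_alg)
        return True
    except InvalidToken:
        return False


if __name__ == "__main__":
    good = make_hs256_token({"sub": "demo-user"}, DEMO_SECRET)
    print("valid HS256 token, pinned to HS256:", check(good, DEMO_SECRET, "HS256"))
    # Same token presented to a verifier whose key is an RSA key (so it pins RS256):
    print("HS256 token, verifier pinned to RS256:", check(good, DEMO_SECRET, "RS256"))
```

The second case is the one that matters for a key-confusion bug: a verifier holding an RSA key must refuse an HS256 token outright rather than letting the header decide which routine runs. With PyJWT the equivalent is passing an explicit `algorithms=[...]` list that matches the key type, which is what the comment refers to.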