Closed dgriff67 closed 1 year ago
Thanks for the note, this is a reasonable request. I think we'd want to backport #62, #66, and #67, plus CI changes from #90/#91/#92.
I can't make any promises about the timeline at this point -- I'll put it on our internal todo list but it may be a few weeks before we can come back to this.
This should be fixed in srsly v1.0.7. Please let us know if you run into any issues!
I scanned an image with 1.0.7 and the security alert went away - many thanks!
From your release notes:
v2.4.4
However, the same fix for ultrajson does not seem to have been applied to the latest patch release of major version 1. The version of spaCy we have in our code base has
srsly = ">=0.0.6,<1.1.0"
and our security scan unveiled the vulnerability CVE-2022-31116. Would it be possible to put through a major version 1 patch release including the security fix to address CVE-2022-31116?
Kind regards,
David Griffiths