cedricbonhomme
commented
10 months ago There is a new vulnerability in aiohttp: CVE-2024-23334. Is it possible to update the project dependencies and release a new version ?
Thanks a lot !
Open cedricbonhomme opened 11 months ago
cedricbonhomme
commented
10 months ago There is a new vulnerability in aiohttp: CVE-2024-23334. Is it possible to update the project dependencies and release a new version ?
Thanks a lot !
Hello,
There are couple of security issues related to aiohttp. Even one with a high level score: CVE-2023-49081. In my project there is a total of 5 vulnerabilities related to aiohttp (which is a dependency of SPADE).
Would it be possible to publish a release with updated dependencies ? I understand that you have other things to do than constantly fix broken things in SPADE due to Python version updates. etc. Maybe you could use dependabot to at least creating pull requests for you. Then you can just review and merge.
Thank you,