mitodl / odl-video-service

building blocks for a basic video service for ODL
BSD 3-Clause "New" or "Revised" License
4 stars, 1 fork

Update dependency ipython to v8 [SECURITY] #1145

Open renovate[bot] opened 1 month ago

renovate[bot] commented 1 month ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| ipython | `^7.16.3` -> `^8.0.0` | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2023-24816

IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the set_term_title function under specific conditions. This has been patched in version 8.10.0.

Impact

Users are only vulnerable when calling this function on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached (making it effectively dead code). However, as a library that could be used by another tool, set_term_title could introduce a vulnerability for dependencies. Currently set_term_title is only called with (semi-)trusted input that contains the current working directory of the current IPython session. If an attacker can control directory names, and manages to get a user to cd into this directory, then the attacker can execute arbitrary commands contained in the folder names.


Release Notes

ipython/ipython (ipython)

### [`v8.10.0`](https://togithub.com/ipython/ipython/compare/8.9.0...8.10.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.9.0...8.10.0)

### [`v8.9.0`](https://togithub.com/ipython/ipython/compare/8.8.0...8.9.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.8.0...8.9.0)

### [`v8.8.0`](https://togithub.com/ipython/ipython/compare/8.7.0...8.8.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.7.0...8.8.0)

### [`v8.7.0`](https://togithub.com/ipython/ipython/compare/8.6.0...8.7.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.6.0...8.7.0)

### [`v8.6.0`](https://togithub.com/ipython/ipython/compare/8.5.0...8.6.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.5.0...8.6.0)

### [`v8.5.0`](https://togithub.com/ipython/ipython/compare/8.4.0...8.5.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.4.0...8.5.0)

### [`v8.4.0`](https://togithub.com/ipython/ipython/compare/8.3.0...8.4.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.3.0...8.4.0)

### [`v8.3.0`](https://togithub.com/ipython/ipython/compare/8.2.0...8.3.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.2.0...8.3.0)

### [`v8.2.0`](https://togithub.com/ipython/ipython/compare/8.1.1...8.2.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.1.1...8.2.0)

### [`v8.1.1`](https://togithub.com/ipython/ipython/compare/8.1.0...8.1.1)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.1.0...8.1.1)

### [`v8.1.0`](https://togithub.com/ipython/ipython/compare/8.0.1...8.1.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.0.1...8.1.0)

### [`v8.0.1`](https://togithub.com/ipython/ipython/compare/8.0.0...8.0.1)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.0.0...8.0.1)

### [`v8.0.0`](https://togithub.com/ipython/ipython/compare/7.34.0...8.0.0)
[Compare Source](https://togithub.com/ipython/ipython/compare/7.34.0...8.0.0)

Configuration

📅 Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
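The advisory quoted above describes a terminal-title helper that, on Windows without ctypes, assembles a `title` shell command from the current working directory. The following stand-alone demonstration is an added example, not IPython's own code or its actual fix: it reproduces the injectable pattern on any POSIX host using `echo` as a stand-in for the Windows `title` command, shows a directory name that smuggles a second command through it, and places a non-shell, argv-based variant beside it. The function names, the temporary directory and the `INJECTED` marker payload are all constructed for illustration; `ctypes_fallback_reached` is the environment check a maintainer would run to see whether the dead-code branch the advisory mentions could ever be taken.

```python
"""Added example (not IPython's code): string-built shell commands in a
terminal-title helper, the directory-name injection they allow, and a
non-shell alternative. Runs on any POSIX system; `echo` stands in for the
Windows `title` command, the injection mechanics are the same.
"""
import os
import subprocess
import tempfile


def ctypes_fallback_reached() -> bool:
    """True only if `import ctypes` fails, i.e. only then would a
    ctypes-free fallback such as the one in the advisory be executed."""
    try:
        import ctypes  # noqa: F401
    except ImportError:
        return True
    return False


def set_term_title_unsafe(title: str) -> str:
    """Vulnerable pattern: the title is concatenated into a shell command
    line. Returns the shell's stdout so the effect can be inspected."""
    # Stand-in for os.system("title " + title); any shell metacharacter in
    # `title` (";" in sh, "&" in cmd.exe) terminates the command and starts
    # another one chosen by whoever named the directory.
    cmd = "echo " + title
    completed = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return completed.stdout


def set_term_title_safe(title: str) -> str:
    """Hardened form: no shell is involved, the title travels as a single
    argv element, and control characters (which could also carry terminal
    escape sequences on the ANSI path) are dropped before use."""
    clean = "".join(ch for ch in title if ch.isprintable())
    completed = subprocess.run(["echo", clean], capture_output=True, text=True)
    return completed.stdout


def attacker_controlled_cwd() -> str:
    """Create a directory whose *name* carries a shell payload, cd into it,
    and return the basename exactly as a prompt/title helper would read it.
    The payload merely echoes a marker; a real attacker picks anything the
    user's shell can run."""
    base = tempfile.mkdtemp()
    evil = "project; echo INJECTED"  # constructed payload for the demo
    path = os.path.join(base, evil)
    os.mkdir(path)
    os.chdir(path)
    return os.path.basename(os.getcwd())


if __name__ == "__main__":
    cwd = attacker_controlled_cwd()
    print("unsafe ->", set_term_title_unsafe(cwd).splitlines())
    print("safe   ->", set_term_title_safe(cwd).splitlines())
    print("ctypes fallback reachable:", ctypes_fallback_reached())
```

With the unsafe helper the shell runs two commands and the marker appears on its own output line; the safe helper echoes the whole directory name back as one literal argument. The same split applies to the Windows case: passing the title as an argv element without `shell=True` removes the interpretation step that the advisory's attack depends on.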