Closed girlpunk closed 4 months ago
Thank you for pointing this out! I just updated the requirements.txt file addressing this. While the scripts in that folder haven't changed much over the years, we will likely keep them around and might be adding some more scripts we use there in the future.
The requirements.txt in the util folder shows TQDM version 4.61.1 as a dependency; however, this version of the library contains an arbitrary code execution vulnerability: https://security.snyk.io/vuln/SNYK-PYTHON-TQDM-6807582

Please could this package be updated or, if the scripts are no longer supported (as they haven't been changed in a year, or had updates in 3 years), it may be worth removing the scripts from the repo.