rdmorganiser / rdmo

A tool to support the planning, implementation, and organization of research data management.
https://rdmorganiser.github.io
Apache License 2.0
105 stars 49 forks

pyproject.toml: Require gunicorn>=22 because of CVE-2024-1135 #1132

Closed hardfalcon closed 3 months ago

hardfalcon commented 3 months ago

See https://docs.gunicorn.org/en/latest/news.html#id2

MyPyDavid commented 3 months ago

Thanks for posting. We have updated this gunicorn dependency in the next release: https://github.com/rdmorganiser/rdmo/blob/768966ba6c6fc480258c1db8cf55087a7f752ebe/pyproject.toml#L86

I don't think it makes sense to merge this PR into main right now; dev-2.2.0 is basically ready for merge.

coveralls commented 3 months ago

coverage: 91.591%. remained the same when pulling 9274adfcae621d3a7a3b2db5d422edfd0d0418fa on hardfalcon:gunicorn-22 into 065d195043b7ac34a7b6b3180dac69829a3974bc on rdmorganiser:main.

hardfalcon commented 3 months ago

@MyPyDavid: Ohhhh, thanks for the hint, it seems that all the changes I wanted to create pull requests for are already in the dev-2.2.0 branch. Any guesstimate as to when RDMO 2.2.0 might be released? :)

MyPyDavid commented 3 months ago

Alright @hardfalcon, thank you! Yes, it now looks like the release will be in the first week of September 🤞 ;)