ctrlaltf24
commented
2 years ago @ahopkins do you have a second to review so this repo's no longer vulnerable to https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 ?
Closed ctrlaltf24 closed 2 years ago
ctrlaltf24
commented
2 years ago @ahopkins do you have a second to review so this repo's no longer vulnerable to https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 ?
amn41
commented
2 years ago just commenting to mention that sanic is a dependency of rasa and it would be a big help for us if this vulnerability were resolved.
ahopkins
commented
2 years ago Will be released in the coming day or two with the upcoming release.
ancalita
commented
2 years ago @ahopkins would this dependency be updated in sanic versions 20.12 LTS & 21.12 LTS as well? Do you have a timeline please?
ahopkins
commented
2 years ago LTS versions will be released tonight or tomorrow with v22.6.
ahopkins
commented
2 years ago @ancalita Trying to make the change to v20.12 is going to be a PITA because there have been a number of breaking changes in the httpx API since then. This was one of the motivating factors for moving sanic.testing to sanic-testing.
ahopkins
commented
2 years ago v0.8.3 is released now and can be used with 21.12LTS. Starting after v22.3 the versioning should track easier.
Fixes: https://github.com/sanic-org/sanic-testing/issues/38