Closed ctrlaltf24 closed 2 years ago
@ahopkins do you have a second to review so this repo's no longer vulnerable to https://github.com/advisories/GHSA-h8pj-cxx2-jfg2 ?
just commenting to mention that sanic is a dependency of rasa and it would be a big help for us if this vulnerability were resolved.
Will be released in the coming day or two with the upcoming release.
@ahopkins would this dependency be updated in sanic
versions 20.12
LTS & 21.12
LTS as well? Do you have a timeline please?
LTS versions will be released tonight or tomorrow with v22.6.
@ancalita Trying to make the change to v20.12 is going to be a PITA because there have been a number of breaking changes in the httpx
API since then. This was one of the motivating factors for moving sanic.testing
to sanic-testing
.
v0.8.3 is released now and can be used with 21.12LTS. Starting after v22.3 the versioning should track easier.
Fixes: https://github.com/sanic-org/sanic-testing/issues/38