Is there way to remove critical Vulnerability for curl 7.85.0

tensorflow / io

Dataset, streaming, and file system extensions maintained by TensorFlow SIG-IO

Apache License 2.0

708 stars 288 forks source link

Is there way to remove critical Vulnerability for curl 7.85.0 #2048

Open adarshbilimagga opened 3 months ago

adarshbilimagga commented 3 months ago

Trying to install tensorflow version 2.17.0 and curl is getting installed of version 7.85.0 which is outdated. Having security vulnerabilities for tensorflow-io-gcs-filesystem/tensorflow_io_gcs_filesystem-0.31.0-cp310-cp310-win_amd64.whl.

Getting below vulnerabilities: CVE-2023-38545 CVE-2022-32221 CVE-2023-28319 CVE-2023-38039 CVE-2023-27533 CVE-2023-27534 CVE-2023-23914 CVE-2022-43551 CVE-2022-32221 CVE-2022-42915 CVE-2022-42916

adarshbilimagga commented 1 month ago

Any plan to get the latest updated version of tensorflow io. What are the plans for handling these vulnerabilities.