Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore GHSA-hc5w-c9f8-9cc4 until the CVE is corrected for the Python library #1383

Merged
merged 1 commit into from
Nov 6, 2024
Merged

Ignore GHSA-hc5w-c9f8-9cc4 until the CVE is corrected for the Python library #1383

merged 1 commit into from
Nov 6, 2024

Conversation

manstis
Copy link
Contributor

@manstis manstis commented Nov 6, 2024

This PR does not need a corresponding Jira item.

Description

Name | Version | ID | Fix Versions | Description
--- | --- | --- | --- | ---
langchain | 0.3.6 | GHSA-hc5w-c9f8-9cc4 |  | A path traversal vulnerability exists in the `getFullPath` ....

See https://issues.redhat.com/browse/AAP-35075 for details.

Testing

N/A

Steps to test

N/A

Scenarios tested

N/A

Production deployment

  • This code change is ready for production on its own
  • This code change requires the following considerations before going to production:

@manstis manstis requested a review from hasys November 6, 2024 09:44
hasys
hasys approved these changes Nov 6, 2024
View reviewed changes
Copy link
Contributor

@hasys hasys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, since new version is not fixing an issue, let's not upgrade for now. Next sprint we have a planned upgrade so we can test stability as well.

Thank you @manstis

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 6, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@manstis manstis merged commit 4f684da into main Nov 6, 2024
10 checks passed
@manstis manstis deleted the ignore_GHSA-hc5w-c9f8-9cc4 branch November 6, 2024 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hasys hasys hasys approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@manstis @hasys