Skip to content

Commit

Permalink
CWE-362 - anyio Race Condition
Browse files Browse the repository at this point in the history 
chore:	Fixes CWE-362 - anyio Race Condition.
	Affected versions of this package are vulnerable to Race Condition in
	_eventloop.get_asynclib() that cause crashes when multiple event loops
	of the same backend are running in separate threads and simultaneously
	attempting to use AnyIO for the first time.

Signed-off-by: Spolti <fspolti@redhat.com>
  • Loading branch information
@spolti
spolti committed Jun 27, 2024
1 parent 03a45bb commit 71104e1
Show file tree
Hide file tree
Showing 16 changed files with 10,733 additions and 10,635 deletions.
3,007 changes: 1,585 additions & 1,422 deletions docs/samples/explanation/alibi/alibiexplainer/poetry.lock
View file

Large diffs are not rendered by default.

1,172 changes: 580 additions & 592 deletions python/aiffairness/poetry.lock
View file

Large diffs are not rendered by default.

1,607 changes: 796 additions & 811 deletions python/artexplainer/poetry.lock
View file

Large diffs are not rendered by default.

1,249 changes: 618 additions & 631 deletions python/custom_model/poetry.lock
View file

Large diffs are not rendered by default.

1,102 changes: 544 additions & 558 deletions python/custom_tokenizer/poetry.lock
View file

Large diffs are not rendered by default.

1,255 changes: 621 additions & 634 deletions python/custom_transformer/poetry.lock
View file

Large diffs are not rendered by default.

1,402 changes: 709 additions & 693 deletions python/huggingfaceserver/poetry.lock
View file

Large diffs are not rendered by default.

1,203 changes: 602 additions & 601 deletions python/kserve/poetry.lock
View file

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions python/kserve/pyproject.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,8 @@ tabulate = "^0.9.0"
pandas = ">=1.3.5"
pydantic = ">1.0,<3"
pyyaml = "^6.0.0"
# Fixes CWE-362, review overtime to make sure this librari was updated so it can be removed.
anyio = "^4.4.0"

# Storage dependencies. They can be opted into by apps.
requests = { version = "^2.20.0", optional = true }
Expand Down
1,388 changes: 695 additions & 693 deletions python/lgbserver/poetry.lock
View file

Large diffs are not rendered by default.

1,531 changes: 767 additions & 764 deletions python/paddleserver/poetry.lock
View file

Large diffs are not rendered by default.

1,492 changes: 747 additions & 745 deletions python/pmmlserver/poetry.lock
View file

Large diffs are not rendered by default.

1,382 changes: 692 additions & 690 deletions python/sklearnserver/poetry.lock
View file

Large diffs are not rendered by default.

1,096 changes: 541 additions & 555 deletions python/test_resources/graph/error_404_isvc/poetry.lock
View file

Large diffs are not rendered by default.

1,096 changes: 541 additions & 555 deletions python/test_resources/graph/success_200_isvc/poetry.lock
View file

Large diffs are not rendered by default.

1,384 changes: 693 additions & 691 deletions python/xgbserver/poetry.lock
View file

Large diffs are not rendered by default.

0 comments on commit 71104e1

Please sign in to comment.