v1.3.2 - Security Updates

@mxcoppell mxcoppell released this 18 Mar 19:00
· 3 commits to main since this release
eeb3073

Security

  • Updated black from 24.10.0 to 26.3.1 to fix a high-severity vulnerability:
    • Arbitrary file writes from unsanitized user input in the cache file name
  • Updated filelock from 3.20.2 to 3.25.2 to fix a medium-severity vulnerability:
    • TOCTOU symlink vulnerability in SoftFileLock (patched in 3.20.3)
  • Updated virtualenv from 20.36.0 to 21.2.0 to fix medium-severity vulnerabilities:
    • TOCTOU vulnerabilities in directory creation (patched in 20.36.1)

Resolves Dependabot alerts #11, #12, #13.

Full Changelog: v1.3.1...v1.3.2