Skip to content

Minor bug fix. #323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Marven11 wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Minor bug fix. #323

Marven11 wants to merge 3 commits into from

Conversation

@Marven11
Copy link

@Marven11 Marven11 commented Mar 1, 2024

No description provided.

@Jamim
Copy link

Jamim commented Jun 24, 2024
edited
Loading

Hello @PiotrDabkowski,

It turns out, this isn't just a minor bug fix. It fixes CVE-2024-28397.
Would you mind merging it?

Thanks!

@Marven11
Copy link
Author

Marven11 commented Jun 24, 2024

I've mailed him several times telling him this is the fix for the CVE since I found it. Maybe he's busy, or maybe he forget, or ignore everything. We can only wait for now.

@Jamim Jamim mentioned this pull request Jun 24, 2024
Closed
4 tasks
bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Jul 1, 2024
@bmwiedemann
Update python-Js2Py to version 0.74 / rev 10 via SR 1184231
a951988 
https://build.opensuse.org/request/show/1184231
by user dgarcia + dimstar_suse
- Add CVE-2024-28397.patch upstream patch.
  (bsc#1226660, gh#PiotrDabkowski/Js2Py#323)
- Run tests
- Add patches:
  * remove-python-six.patch, to remove python-six dependency
  * python312.patch, to make it compatible with python312
philroche added a commit to philroche/advisories that referenced this pull request Oct 14, 2024
@philroche
feat(kubeflow-pipelines-visualization-server): pending upstream fix G…
f740b95 
…HSA-h95x-26f3-88hr

Marking as pending upstream fix:

> There is not currently a fixed version of the js2py package. So, the upstream project must migrate away from using js2py or wait for js2py to release a fixed version (and upgrade to it). Upstream PR @ PiotrDabkowski/Js2Py#323 which is yet to be merged.

This follows on from the same advisory filed for apache-beam-python-3.11-sdk @ chainguard-dev/enterprise-advisories#5130

Signed-off-by: philroche <phil.roche@chainguard.dev>
@philroche philroche mentioned this pull request Oct 14, 2024
Merged
github-merge-queue bot pushed a commit to wolfi-dev/advisories that referenced this pull request Oct 14, 2024
@philroche
feat(kubeflow-pipelines-visualization-server): pending upstream fix G…
da3609c 
…HSA-h95x-26f3-88hr (#8661)

Marking as pending upstream fix:

> There is not currently a fixed version of the js2py package. So, the upstream project must migrate away from using js2py or wait for js2py to release a fixed version (and upgrade to it). Upstream PR @ PiotrDabkowski/Js2Py#323 which is yet to be merged.

This follows on from the same advisory filed for apache-beam-python-3.11-sdk @ chainguard-dev/enterprise-advisories#5130

Signed-off-by: philroche <phil.roche@chainguard.dev>
@VassilisVassiliadis
build: bump version to 0.75
45e57e7 
Signed-off-by: Vassilis Vassiliadis <vassilis.vassiliadis@ibm.com>
This was referenced Mar 12, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PiotrDabkowski PiotrDabkowski PiotrDabkowski approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Marven11 @Jamim @PiotrDabkowski @VassilisVassiliadis