Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023-1428 #21899

Merged
merged 1 commit into from
Jan 16, 2024
Merged

[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023-1428 #21899

merged 1 commit into from
Jan 16, 2024

Conversation

BewareMyPower
Copy link
Contributor

Motivation

Currently pulsar-client-python 3.2.0 is used for Python Functions in Pulsar images, which suffers the CVE-2023-1428 due to the old grpc.io dependency.

Modifications

Upgrade the depended pulsar-client-python version to include apache/pulsar-client-python#174

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository:

@BewareMyPower BewareMyPower self-assigned this Jan 15, 2024
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jan 15, 2024
@Technoboy- Technoboy- added this to the 3.3.0 milestone Jan 15, 2024
@Technoboy- Technoboy- closed this Jan 15, 2024
@Technoboy- Technoboy- reopened this Jan 15, 2024
@Technoboy- Technoboy- merged commit 24c927e into apache:master Jan 16, 2024
@BewareMyPower BewareMyPower deleted the bewaremypower/bump-python-version branch January 16, 2024 11:01
@Technoboy- Technoboy- modified the milestones: 3.3.0, 3.2.0 Jan 19, 2024
Technoboy- pushed a commit that referenced this pull request Jan 19, 2024
@BewareMyPower @Technoboy-
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
61436ef 
…-1428 (#21899)
Technoboy- pushed a commit that referenced this pull request Jan 31, 2024
@BewareMyPower @Technoboy-
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
65ce9d6 
…-1428 (#21899)
Technoboy- pushed a commit that referenced this pull request Feb 5, 2024
@BewareMyPower @Technoboy-
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
2065653 
…-1428 (#21899)
mukesh-ctds pushed a commit to datastax/pulsar that referenced this pull request Mar 1, 2024
@BewareMyPower @mukesh-ctds
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
276d067 
…-1428 (apache#21899)

(cherry picked from commit 65ce9d6)
mukesh-ctds pushed a commit to datastax/pulsar that referenced this pull request Mar 6, 2024
@BewareMyPower @mukesh-ctds
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
616b97c 
…-1428 (apache#21899)

(cherry picked from commit 65ce9d6)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Technoboy- Technoboy- Technoboy- approved these changes

@RobertIndie RobertIndie RobertIndie approved these changes

@codelipenghui codelipenghui Awaiting requested review from codelipenghui

@michaeljmarshall michaeljmarshall Awaiting requested review from michaeljmarshall

@liangyepianzhou liangyepianzhou Awaiting requested review from liangyepianzhou

Assignees

@BewareMyPower BewareMyPower

Labels
cherry-picked/branch-3.0 cherry-picked/branch-3.1 doc-not-needed Your PR changes do not impact docs ready-to-test release/2.11.5 release/3.0.3 release/3.1.3
Projects
None yet
Milestone
3.2.0
Development

Successfully merging this pull request may close these issues.
4 participants
@BewareMyPower @Technoboy- @RobertIndie @lhotari