Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(sec): upgrade msgpack to 0.6.0 #2822

Open
wants to merge 1 commit into
base: py3
Choose a base branch
from

Conversation

chncaption
Copy link

What happened?

There are 1 security vulnerabilities found in msgpack 0.4.4

What did I do?

Upgrade msgpack from 0.4.4 to 0.6.0 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

@caryoscelus
Copy link
Contributor

hello and thanks for the PR . this project is dead (as @shortcutme haven't been around for a long while) and development now happens in forks . as a maintainer of one of those , i'm gonna merge this change soon (waiting for any potential feedback first~~)

@purplesyringa
Copy link
Contributor

The fix seems to set a limit on the message size, so you better check that ZeroNet does not send messages larger than that limit (or increase the limit if necessary)

@caryoscelus
Copy link
Contributor

@imachug the version wasn't pinned so most users have already upgraded to the latest . if it causes any problems , it already does

Requirement already satisfied: msgpack>=0.6.0 in ./venv/lib/python3.9/site-packages (from -r requirements.txt (line 3)) (1.0.4)

@ghost
Copy link

ghost commented Dec 27, 2022

@caryoscelus I'm going to report you to GitHub if you keep spamming this repository with your crappy fork.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants