Update pin to hdf5 1.8.18 #394
Conversation
| @@ -41,7 +41,7 @@ | |||
| 'glib': 'glib 2.51.*', # 2.50.2 | |||
| 'gmp': 'gmp >=5.0.1,<7', # 6.1.0 | |||
| 'harfbuzz': 'harfbuzz 1.3.*', # 0.9.39 | |||
| 'hdf5': 'hdf5 1.8.17|1.8.17.*', # 1.8.17 | |||
| 'hdf5': 'hdf5 1.8.18|1.8.18.*', # 1.8.17 | |||
There was a problem hiding this comment.
@jjhelmus can you confirm if defaults version is still 1.8.17?
(It is probably safe for conda-forge to move to 1.8.18 b/c we do have all the packages that uses hdf5 packaged in conda-forge.)
There was a problem hiding this comment.
It is still 1.8.17 - I have a PR to update it here: ContinuumIO/anaconda-recipes#109
In my experience, my PRs get ignored even if it's about a remote code execution vuln.
There was a problem hiding this comment.
@qwhelan are you referring to defaults or conda-forge? I am confused b/c you linked the PR to conda-forge, but that was merged and we are moving to the latest hdf5 thanks to you.
There was a problem hiding this comment.
@ocefpaf Apologies, pasted the wrong link initially. I was referring to defaults
Update
hdf5to 1.8.18 to resolve some CVEs announced back in November.See conda-forge/hdf5-feedstock#71 for more info.