Skip to content

[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023-1428#21899

Merged
Technoboy- merged 1 commit intoapache:masterfrom
BewareMyPower:bewaremypower/bump-python-version
Jan 16, 2024
Merged

[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023-1428#21899
Technoboy- merged 1 commit intoapache:masterfrom
BewareMyPower:bewaremypower/bump-python-version

Conversation

@BewareMyPower
Copy link
Contributor

@BewareMyPower BewareMyPower commented Jan 15, 2024

Motivation

Currently pulsar-client-python 3.2.0 is used for Python Functions in Pulsar images, which suffers the CVE-2023-1428 due to the old grpc.io dependency.

Modifications

Upgrade the depended pulsar-client-python version to include apache/pulsar-client-python#174

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository:

@BewareMyPower BewareMyPower self-assigned this Jan 15, 2024
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jan 15, 2024
@Technoboy- Technoboy- added this to the 3.3.0 milestone Jan 15, 2024
@Technoboy- Technoboy- closed this Jan 15, 2024
@Technoboy- Technoboy- reopened this Jan 15, 2024
@Technoboy- Technoboy- merged commit 24c927e into apache:master Jan 16, 2024
@BewareMyPower BewareMyPower deleted the bewaremypower/bump-python-version branch January 16, 2024 11:01
@Technoboy- Technoboy- modified the milestones: 3.3.0, 3.2.0 Jan 19, 2024
Technoboy- pushed a commit that referenced this pull request Jan 19, 2024
@BewareMyPower @Technoboy-
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
61436ef 
…-1428 (#21899)
Technoboy- pushed a commit that referenced this pull request Jan 31, 2024
@BewareMyPower @Technoboy-
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
65ce9d6 
…-1428 (#21899)
Technoboy- pushed a commit that referenced this pull request Feb 5, 2024
@BewareMyPower @Technoboy-
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
2065653 
…-1428 (#21899)
mukesh-ctds pushed a commit to datastax/pulsar that referenced this pull request Mar 1, 2024
@BewareMyPower @mukesh-ctds
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
276d067 
…-1428 (apache#21899)

(cherry picked from commit 65ce9d6)
mukesh-ctds pushed a commit to datastax/pulsar that referenced this pull request Mar 6, 2024
@BewareMyPower @mukesh-ctds
[improve][ci] Upgrade pulsar-client-python to 3.4.0 to avoid CVE-2023…
616b97c 
…-1428 (apache#21899)

(cherry picked from commit 65ce9d6)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Technoboy- Technoboy- Technoboy- approved these changes

@RobertIndie RobertIndie RobertIndie approved these changes

@codelipenghui codelipenghui Awaiting requested review from codelipenghui

@michaeljmarshall michaeljmarshall Awaiting requested review from michaeljmarshall

@liangyepianzhou liangyepianzhou Awaiting requested review from liangyepianzhou

Assignees

@BewareMyPower BewareMyPower

Labels

cherry-picked/branch-3.0 cherry-picked/branch-3.1 doc-not-needed Your PR changes do not impact docs ready-to-test release/2.11.5 release/3.0.3 release/3.1.3

Projects

None yet

Milestone

3.2.0

Development

Successfully merging this pull request may close these issues.

4 participants

@BewareMyPower @Technoboy- @RobertIndie @lhotari