esgf2-us/metagrid

Address reported old vulnerable versions: upgrade packages

Opened this issue · 1 comments

sashakames commented

root@esgfmeta-test-v4:docker exec -it -u root metagrid_local_django /bin/bash
root@2184f178b41a:/app# pip-audit
Found 6 known vulnerabilities in 5 packages
Name Version ID Fix Versions

cryptography 42.0.0 GHSA-9v9h-cgj8-h64p 42.0.2
cryptography 42.0.0 GHSA-6vqw-3v5j-54x4 42.0.4
django 4.2.7 PYSEC-2024-28 3.2.24,4.2.10,5.0.2
ecdsa 0.18.0 GHSA-wj6h-64fc-37mp
pip 23.0.1 PYSEC-2023-228 23.3
setuptools 58.1.0 PYSEC-2022-43012 65.5.1

sashakames commented

@downiec If these are trivial updates perhaps we include in #592