Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency gevent to v23 [security] #1989

Merged
merged 1 commit into from
Oct 4, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 25, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
gevent 22.10.2 -> 23.9.0 age adoption passing confidence

Review

  • Updates have been tested and work
  • If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

GitHub Vulnerability Alerts

CVE-2023-41419

An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.


Configuration

📅 Schedule: Branch creation - "" in timezone America/Montreal, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added dependencies Pull requests that update a dependency file Renovate labels Sep 25, 2023
@renovate renovate bot force-pushed the renovate/pypi-gevent-vulnerability branch 5 times, most recently from 02c33a5 to c136e91 Compare October 3, 2023 19:33
@sastels
Copy link
Collaborator

sastels commented Oct 4, 2023

tested locally. Will merge to staging and kick the tires...

@renovate renovate bot force-pushed the renovate/pypi-gevent-vulnerability branch from c136e91 to 85ca95b Compare October 4, 2023 13:02
@sastels sastels merged commit cc65b5b into main Oct 4, 2023
4 checks passed
@sastels sastels deleted the renovate/pypi-gevent-vulnerability branch October 4, 2023 14:10
@sastels
Copy link
Collaborator

sastels commented Oct 4, 2023

Update:

  • api lambda and k8s pods deployed successfully
  • admin works, can send myself a text
  • smoke tests passing (except api-k8s file sends, which didn't work before 😅 )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file Renovate
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant