-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
fix(sec): upgrade msgpack to 0.6.0 #2822
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(sec): upgrade msgpack to 0.6.0 #2822
Conversation
caryoscelus
commented
Dec 4, 2022
hello and thanks for the PR . this project is dead (as @shortcutme haven't been around for a long while) and development now happens in forks . as a maintainer of one of those , i'm gonna merge this change soon (waiting for any potential feedback first~~)
purplesyringa
commented
Dec 4, 2022
The fix seems to set a limit on the message size, so you better check that ZeroNet does not send messages larger than that limit (or increase the limit if necessary)
caryoscelus
commented
Dec 5, 2022
@imachug the version wasn't pinned so most users have already upgraded to the latest . if it causes any problems , it already does
Requirement already satisfied: msgpack>=0.6.0 in ./venv/lib/python3.9/site-packages (from -r requirements.txt (line 3)) (1.0.4)
ghost
commented
Dec 27, 2022
@caryoscelus I'm going to report you to GitHub if you keep spamming this repository with your crappy fork.
What happened?
There are 1 security vulnerabilities found in msgpack 0.4.4
What did I do?
Upgrade msgpack from 0.4.4 to 0.6.0 for vulnerability fix
What did you expect to happen?
Ideally, no insecure libs should be used.
The specification of the pull request
PR Specification from OSCS