Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add redis ID to ignore vulnerability list in pip-audit #1429

Merged
merged 1 commit into from
Nov 22, 2024

Conversation

ccostino
Copy link
Contributor

A note to PR reviewers: it may be helpful to review our code review documentation to know what to keep in mind while reviewing pull requests.

Description

This changeset adds a Python vulnerability that we need to ignore because it was incorrectly applied to the Python Redis module. This is a vulnerability with an older version of Redis itself, not the Python module.

Security Considerations

Vulnerability: Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

This changeset adds a Python vulnerability that we need to ignore because it was incorrectly applied to the Python Redis module.  This is a vulnerability with an older version of Redis itself, not the Python module.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
@ccostino ccostino added engineering dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 22, 2024
@ccostino ccostino self-assigned this Nov 22, 2024
@terrazoon terrazoon merged commit 186a5f2 into main Nov 22, 2024
7 checks passed
@terrazoon terrazoon deleted the fix-redis-pip-audit branch November 22, 2024 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file engineering python Pull requests that update Python code
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants