New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency pip to v23 [SECURITY] #477

Closed

renovate wants to merge 1 commit into main from renovate/pypi-pip-vulnerability

Contributor

renovate bot commented Nov 3, 2023 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pip (source, changelog)	`==22.0.4` -> `==23.3`

GitHub Vulnerability Alerts

CVE-2023-5752

When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (e.g. --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

Release Notes

pypa/pip (pip)

`v23.3`

`v23.2.1`

`v23.2`

`v23.1.2`

`v23.1.1`

`v23.1`

`v23.0.1`

`v23.0`

`v22.3.1`

`v22.3`

`v22.2.2`

`v22.2.1`

`v22.2`

`v22.1.2`

`v22.1.1`

`v22.1`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.


          Update dependency pip to v23 [SECURITY]

70b8c11

codecov bot commented Nov 3, 2023 •

edited

Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (ea9ba60) 64.86% compared to head (70b8c11) 64.86%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #477   +/-   ##
=======================================
  Coverage   64.86%   64.86%           
=======================================
  Files           3        3           
  Lines          74       74           
  Branches       13       13           
=======================================
  Hits           48       48           
  Misses         24       24           
  Partials        2        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

github-actions bot commented Feb 4, 2024

Automatically marking pull request as stale due to lack of activity

github-actions bot added the stale label

github-actions bot commented Feb 18, 2024

Automatically closing this pull request as stale

github-actions bot closed this

Contributor Author

renovate bot commented Feb 18, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 23.x releases. But if you manually upgrade to 23.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

renovate bot deleted the renovate/pypi-pip-vulnerability branch

February 18, 2024 00:51

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels