Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency idna to v3.7 #155

Closed

Conversation

mend-for-github-com[bot]
Copy link

This PR contains the following updates:

Package Update Change
idna (changelog) minor ==3.4 -> ==3.7

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
High High 7.5 CVE-2024-3651

Release Notes

kjd/idna (idna)

v3.7

Compare Source

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

v3.6

Compare Source

v3.5

Compare Source


  • If you want to rebase/retry this PR, check this box

Copy link

This PR was marked stale due to lack of activity. It will be closed in 7 days.

@github-actions github-actions bot added the Stale label Jul 20, 2024
Copy link

Closed as inactive. Feel free to reopen if this PR is still being worked on.

@github-actions github-actions bot closed this Jul 27, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/loadgenerator branch July 27, 2024 03:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend Stale
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants