| From: | James Addison <jay(at)jp-hosting(dot)net> |
|---|---|
| To: | pgsql-www(at)postgresql(dot)org |
| Subject: | [PATCH] Maintenance: update pgweb Python dependencies |
| Date: | 2022-06-09 13:49:40 |
| Message-ID: | CALDQ5NzR6wL8LzmAyDTsX2P0WaxZ9XxiMEWMQZ6x6yqcWt+EEA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
A few Python dependency vulnerabilities are currently reported in
pgweb by the 'safety'[1] check tool.
pgweb doesn't appear to be susceptible to any of these vulnerabilities
in practice; even so, this patch upgrades them to more recent versions
to reduce noise.
This was spotted after attempting an upgrade[2] of pycryptodomex in
the PGPerfFarm server code.
Note: As far as I can tell, we only use PyYAML in order to load Django
fixture data at development & server setup time; it's possible we
could reformat those fixtures as JSON and then remove the dependency
upon PyYAML.
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-update-dependencies-to-resolve-reported-vulns.patch | text/x-patch | 775 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | czajkowskilukasz | 2022-06-13 08:01:16 | pg_waldump - how read |
| Previous Message | Magnus Hagander | 2022-06-07 20:58:02 | Re: Development environment setup for pgarchives and pgweb |