What are you really trying to do?
When scanning the Docker image of my project with Trivy, two issues are raised: GHSA-36hh-v3qg-5jq4 & GHSA-chgr-c6px-7xpp
Describe the bug
====================================================================================
Total: 1 (MEDIUM: 1, HIGH: 0, CRITICAL: 0)
┌─────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ pyo3 │ GHSA-36hh-v3qg-5jq4 │ HIGH │ fixed │ 0.25.1 │ 0.29.0 │ PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for │
│ │ │ │ │ │ │ `PyList` and... │
│ │ │ │ │ │ │ https://github.com/advisories/GHSA-36hh-v3qg-5jq4 │
│ ├─────────────────────┼──────────┤ │ │ ├──────────────────────────────────────────────────────────┤
│ │ GHSA-chgr-c6px-7xpp │ MEDIUM │ │ │ │ PyO3 has a missing `Sync` bound on │
│ │ │ │ │ │ │ `PyCFunction::new_closure` closures │
│ │ │ │ │ │ │ https://github.com/advisories/GHSA-chgr-c6px-7xpp │
└─────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
Environment/Versions
Using temporalio 1.28.0
Additional context
Version 0.29.0 of pyo3 solves these security issues.