[Bug 1177083] New: python-aliyun-python-sdk-core package ships a vendored python-requests package
https://bugzilla.suse.com/show_bug.cgi?id=1177083

Bug ID: 1177083
Summary: python-aliyun-python-sdk-core package ships a vendored python-requests package
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Cloud:Tools
Assignee: public-cloud-maintainers@suse.de
Reporter: adrian.glaubitz@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

The python-aliyun-python-sdk-core ships a vendored version of the python-requests package which should be removed in the next version update to avoid hidden vulnerabilities in the embedded version of python-requests as well as avoid code duplicity.

--
You are receiving this mail because:
You are on the CC list for the bug.
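An added example, not part of the bug report or of the SDK's code: a packager-side check that walks a site-packages tree and reports every embedded copy of requests together with the version it declares, which is the kind of hidden copy the report asks to have removed. The directory layout and version strings in the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

VERSION_RE = re.compile(r"""^__version__\s*=\s*['"]([^'"]+)['"]""", re.M)

def read_version(pkg_dir):
    """Return the __version__ string a package directory declares, or None."""
    for name in ("__version__.py", "__init__.py"):
        try:
            with open(os.path.join(pkg_dir, name), encoding="utf-8",
                      errors="replace") as fh:
                match = VERSION_RE.search(fh.read())
        except OSError:
            continue
        if match:
            return match.group(1)
    return None

def find_vendored(site_dir, name="requests"):
    """List (relative path, version) for each nested copy of `name`.

    site_dir/<name> is the distribution's own package and is skipped; any
    deeper copy is embedded and is not touched by system package updates.
    """
    hits = []
    for root, dirs, _files in os.walk(site_dir):
        if name in dirs:
            pkg = os.path.join(root, name)
            is_pkg = os.path.isfile(os.path.join(pkg, "__init__.py"))
            if is_pkg and root != site_dir:
                hits.append((os.path.relpath(pkg, site_dir), read_version(pkg)))
            dirs.remove(name)  # do not descend into the copy itself
    return sorted(hits)

def build_sample_tree(base):
    """Constructed layout: one system copy and one embedded copy of requests."""
    layout = {
        "requests": "9.9.9",                         # constructed version
        "aliyunsdkcore/vendored/requests": "0.0.1",  # constructed path, version
    }
    for rel, ver in layout.items():
        pkg = os.path.join(base, *rel.split("/"))
        os.makedirs(pkg)
        open(os.path.join(pkg, "__init__.py"), "w").close()
        with open(os.path.join(pkg, "__version__.py"), "w") as fh:
            fh.write(f"__version__ = '{ver}'\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, ver in find_vendored(build_sample_tree(tmp)):
            print(f"embedded copy: {path} (version {ver})")
```

Pointing `find_vendored` at a package's build root during review shows whether an embedded copy is still being shipped and which version it declares.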
https://bugzilla.suse.com/show_bug.cgi?id=1177083#c1
--- Comment #1 from John Paul Adrian Glaubitz
https://bugzilla.suse.com/show_bug.cgi?id=1177083#c2
--- Comment #2 from John Paul Adrian Glaubitz
https://bugzilla.suse.com/show_bug.cgi?id=1177083#c3
--- Comment #3 from John Paul Adrian Glaubitz
https://build.suse.de/project/show/home:glaubitz:staging20:SUSE-SLE-15-SP1:U...
It involves updating python-cryptography and python-cryptography-vectors to version 2.9.2:
https://build.suse.de/project/show/home:glaubitz:staging21:SUSE-SLE-15-SP1:U...
I have verified (with basic tests) that the updated SDK works properly on SLE-15. I just need to adjust the changelogs.
https://bugzilla.suse.com/show_bug.cgi?id=1177083#c4
--- Comment #4 from John Paul Adrian Glaubitz
Jeffrey Cheung
https://bugzilla.suse.com/show_bug.cgi?id=1177083#c7
--- Comment #7 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1177083#c8
--- Comment #8 from Swamp Workflow Management