GHSA-2326-pfpj-vx3h - parsable: pending-upstream-fix advisory #8563

@mamccorm mamccorm commented Oct 5, 2024

Filing a pending-upstream-fix advisory for GHSA-2326-pfpj-vx3h, which relates to the parsable package and one of its dependencies: lexical-core.


After this is approved / merged, please close the following PR and delete the associated branch:

…2326-pfpj-vx3h

Signed-off-by: Mark McCormick <mark.mccormick@chainguard.dev>
@mamccorm mamccorm marked this pull request as ready for review October 5, 2024 21:50

@kranurag7 kranurag7 left a comment

there was a release cut of 53.1.0 via apache/arrow-rs#6501

the main workspace version is also 53.1.0 now (https://github.com/apache/arrow-rs/blob/master/Cargo.toml) but I think this has not been updated to crates.io till now which still shows 53.0.0 (https://crates.io/crates/arrow-json)

approving meanwhile given crates.io is not updated for the crate that relates to the GHSA.

@mamccorm mamccorm added this pull request to the merge queue Oct 6, 2024
Merged via the queue into wolfi-dev:main with commit 890a315 Oct 6, 2024
7 checks passed
@mamccorm mamccorm deleted the GHSA-2326-pfpj-vx3h-parsable-package-advisory branch October 6, 2024 00:42
@mamccorm mamccorm self-assigned this Oct 16, 2024