Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates werkzeug to 3.0.1 fixing CVE-2023-46136 #3690

Merged
merged 1 commit into from
Nov 27, 2023

Conversation

dlvenable
Copy link
Member

@dlvenable dlvenable commented Nov 21, 2023

Description

The goal is to resolve CVE-2023-46136 by updating werkzeug to 3.0.1. In order to update this version though, I also needed to update dash to 2.14.1.

Issues Resolved

Resolves #3552.

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

…pdating to dash 2.14.1 as 2.13 does not support newer versions of werkzeug. Resolves opensearch-project#3552.

Signed-off-by: David Venable <[email protected]>
@dlvenable dlvenable force-pushed the 3649-werkzeug-update branch from 45425d5 to d54fe9c Compare November 21, 2023 22:22
@dlvenable dlvenable changed the title Updates werkzeug to 2.3.8 fixing CVE-2023-46136 Updates werkzeug to 3.0.1 fixing CVE-2023-46136 Nov 21, 2023
@dlvenable dlvenable merged commit b8fcffd into opensearch-project:main Nov 27, 2023
42 of 45 checks passed
@dlvenable dlvenable deleted the 3649-werkzeug-update branch November 27, 2023 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CVE-2023-46136 (High) detected in Werkzeug-2.2.3-py3-none-any.whl
3 participants