Replies: 1 comment
-
|
Brief write up published on dev.to |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
0.32.0, 2023-05-18, security patch release, update recommended
@dependabot raised an alert for the used dependency: pymdown-extensions. The vulnerability is labelled as CVE-2023-32309. The issue has been present in pymdown-extensions since version 1.5.0 and is patched in version 10.0.
Snyk has provided a patch via PR #158, which has been tested and no regressions has been observed, even with a version leap for pymdown-extensions. from version 8.2 to 10.0. The GitHub Action has been updated to use the patched version, even though there are no direct use of the vulnerable code in the action, but we do not want to be the source of a vulnerability.
pymdown-extensions was increased to version 10.0.1, since a bug fix was released to follow up on the security patch.
This discussion was created from the release 0.32.0.
Beta Was this translation helpful? Give feedback.
All reactions