Safety CI > crim-ca/weaver

weaver-cli

4 years, 4 months ago

dc3b779f

ignore safety issue flagged to all older celery<5.2.0

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

17e67a30

add feature/cli auto-label to github workflows

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

0b410ca1

more CLI tests for job status, monitor and results/download operations

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

40f9ae63

fix all CLI execute test variantions

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

70d1e13d

add tests for various inputs format for CLI execute + fix parsing outputs execute schema as mapping

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

e3f8889c

add issue references to CLI changelog items (relates to #363)

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

8eb77c73

add issue references to CLI changelog items

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

2d048cf4

update all changes related to WeaverClient, CLI and other improvements associated to their addition

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

1fbb937d

second pass of cli implementation

No dependencies with known security vulnerabilities.

weaver-cli

4 years, 4 months ago

d74e78bf

first pass of CLI implementation

No dependencies with known security vulnerabilities.

master

4 years, 5 months ago

69f8d4ae

Merge pull request #373 from crim-ca/deps-security-check

No dependencies with known security vulnerabilities.

deps-security-check

4 years, 5 months ago

c3260248

add individual targets security-[code|deps] to allow check without [*]-only

No dependencies with known security vulnerabilities.

fix-workflow-output-binding

4 years, 5 months ago

4a7477c1

refactor wps-process in workflow (reuse staging operations) + fix workflow collect output glob (fix

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

master

4 years, 5 months ago

7ef3d4b5

Bump version: 4.4.0 → 4.5.0

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

master

4 years, 5 months ago

8fe84c0e

Merge pull request #370 from crim-ca/private-dockers

celery 3.1.26.post2 has known security vulnerabilities.

Package	Installed	Affected	Info
celery	3.1.26.post2	<4.4.0rc5	show Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets. https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841
celery	3.1.26.post2	<5.2.0	show Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.
celery	3.1.26.post2	<5.2.2	show Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Package

Installed

Affected

Info

celery

3.1.26.post2

<4.4.0rc5

show

Celery 4.4.0rc5 addresses a race condition that occurred during the publishing of very large chord headers. This fix ensures that the operation is completed successfully even when dealing with such large data sets.
https://github.com/celery/celery/pull/5850/files#diff-3a80ff45da16a11b96e26a63973d7d490187a68ddc1949e2dfd7fd090b208841

celery

3.1.26.post2

<5.2.0

show

Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues.

celery

3.1.26.post2

<5.2.2

show

Celery 5.2.2 includes a fix for CVE-2021-23727: Celery before 5.2.2. by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.