aiohttp snyk vulnerability


Gal Naor

Dec 14, 2021, 5:35:42 AM
to Gremlin-users
Hey,

We use gremlinpython in our project at CyberArk, and use Snyk for vulnerabilities.
Unfortunately, Snyk identifies a vulnerability in aiohttp 3.7.4 (which can be fixed in 3.8.0).

We tried to force aiohttp version 3.8.0, but it failed because your requirements are only for aiohttp versions >= 3.7.0, <= 3.7.4.

Is it possible to update to aiohttp version 3.8.0 and above?

Thanks!

Gal.

Stephen Mallette

Dec 14, 2021, 7:26:25 AM
to gremli...@googlegroups.com
Thanks - I don't see any reason why we wouldn't update that offhand. If you'd like, please feel free to submit a pull request and we can get it merged assuming the tests all pass. You would want to target the 3.5-dev branch. We are planning for a release in the next few weeks so the fix would be available fairly quickly.


Gal Naor

Dec 15, 2021, 5:50:39 AM
to Gremlin-users
Thank you, I created a relevant Jira issue (https://issues.apache.org/jira/browse/TINKERPOP-2668) and just created a pull request: https://github.com/apache/tinkerpop/pull/1519.

Gal.
