You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@arrow.apache.org by GitBox <gi...@apache.org> on 2020/05/27 17:11:58 UTC
[GitHub] [arrow] BinduAggarwal opened a new issue #7293: update Pip version
BinduAggarwal opened a new issue #7293:
URL: https://github.com/apache/arrow/issues/7293
Could you please update the pip latest version 20.1
https://github.com/apache/arrow/blob/2688a62f8179f20c20c06a10fcd22fe8a714ae48/python/manylinux1/scripts/requirements.txt
CVE-2018-20225
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] kou closed issue #7293: update Pip version
Posted by GitBox <gi...@apache.org>.
kou closed issue #7293:
URL: https://github.com/apache/arrow/issues/7293
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] BinduAggarwal commented on issue #7293: update Pip version
Posted by GitBox <gi...@apache.org>.
BinduAggarwal commented on issue #7293:
URL: https://github.com/apache/arrow/issues/7293#issuecomment-634825586
sure I will do it
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] nealrichardson commented on issue #7293: update Pip version
Posted by GitBox <gi...@apache.org>.
nealrichardson commented on issue #7293:
URL: https://github.com/apache/arrow/issues/7293#issuecomment-634814027
@BinduAggarwal would you be interested in opening a JIRA issue and a pull request? Looks like the source of this requirements.txt file has been updated as you describe: https://github.com/pypa/manylinux/blob/manylinux1/docker/build_scripts/requirements.txt
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org