Posted to github@arrow.apache.org by GitBox <gi...@apache.org> on 2020/05/27 17:11:58 UTC

[GitHub] [arrow] BinduAggarwal opened a new issue #7293: update Pip version

BinduAggarwal opened a new issue #7293:
URL: https://github.com/apache/arrow/issues/7293


   Could you please update pip to the latest version, 20.1?
   
   https://github.com/apache/arrow/blob/2688a62f8179f20c20c06a10fcd22fe8a714ae48/python/manylinux1/scripts/requirements.txt
   
   CVE-2018-20225
   An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
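
An added example, not part of the original thread or of the Arrow project's code: a review check for the condition the CVE-2018-20225 text above describes, listing requirements that carry no `--hash` pin in a file that also configures `--extra-index-url`. The sample file, its package pins and the index URL are constructed for illustration.

```python
import re

# Constructed sample requirements file (not the Arrow file linked in the issue).
SAMPLE = """\
# constructed sample
--index-url https://pypi.org/simple
--extra-index-url=https://pkgs.example.internal/simple
internal-lib==1.4.0
requests==2.23.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
wheel>=0.31  # build tool
"""

def logical_lines(text):
    """Join backslash continuations and drop comments and blank lines."""
    joined = re.sub(r"\\\r?\n", "", text)
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            yield line

def audit_requirements(text):
    """Return (extra_indexes, unpinned).

    unpinned lists requirement names without a --hash option, reported only
    when the file adds an extra index, because then pip picks the highest
    version it finds across every configured index.
    """
    extra_indexes, requirements = [], []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("--extra-index-url"):
            # Accept both "--extra-index-url URL" and "--extra-index-url=URL".
            url = tokens[0].partition("=")[2] or (tokens[1] if len(tokens) > 1 else "")
            extra_indexes.append(url)
        elif tokens[0].startswith("-"):
            continue  # other file-level options (-i, -r, -c, ...) are not audited here
        else:
            name = re.split(r"[\s<>=!~;\[@]", line, maxsplit=1)[0]
            hashed = any(t.startswith("--hash") for t in tokens[1:])
            requirements.append((name, hashed))
    unpinned = [n for n, hashed in requirements if not hashed] if extra_indexes else []
    return extra_indexes, unpinned

if __name__ == "__main__":
    indexes, unpinned = audit_requirements(SAMPLE)
    print("extra indexes:", indexes)
    print("requirements without --hash:", unpinned)
```

The option can also be set in pip's configuration file or through the `PIP_EXTRA_INDEX_URL` environment variable, which this file-level check does not see.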



[GitHub] [arrow] kou closed issue #7293: update Pip version

Posted by GitBox <gi...@apache.org>.
kou closed issue #7293:
URL: https://github.com/apache/arrow/issues/7293


   





[GitHub] [arrow] BinduAggarwal commented on issue #7293: update Pip version

Posted by GitBox <gi...@apache.org>.
BinduAggarwal commented on issue #7293:
URL: https://github.com/apache/arrow/issues/7293#issuecomment-634825586


   Sure, I will do it.





[GitHub] [arrow] nealrichardson commented on issue #7293: update Pip version

Posted by GitBox <gi...@apache.org>.
nealrichardson commented on issue #7293:
URL: https://github.com/apache/arrow/issues/7293#issuecomment-634814027


   @BinduAggarwal would you be interested in opening a JIRA issue and a pull request? Looks like the source of this requirements.txt file has been updated as you describe: https://github.com/pypa/manylinux/blob/manylinux1/docker/build_scripts/requirements.txt

