Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(short issue description) #8055

Closed
2 tasks done
anoora17 opened this issue Jul 21, 2023 · 2 comments
Closed
2 tasks done

(short issue description) #8055

anoora17 opened this issue Jul 21, 2023 · 2 comments
Assignees
@RyanFitzSimmonsAK
Labels
dependencies This issue is a problem in a dependency. duplicate This issue is a duplicate. feature-request A feature should be added or improved. p3 This is a minor priority issue

Comments

@anoora17
Copy link

Describe the feature

Please would you please upgrade this wheel package to version 38 or above?

https://github.com/aws/aws-cli/blob/v2/requirements/download-deps/bootstrap-win-lock.txt#L21

Use Case

https://nvd.nist.gov/vuln/detail/CVE-2022-40898

Proposed Solution

upgrade wheel==0.37.1 to wheel==0.38.1

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CLI version used

2.31.2

Environment details (OS name and version, etc.)

linux
@anoora17 anoora17 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 21, 2023
@RyanFitzSimmonsAK RyanFitzSimmonsAK self-assigned this Jul 21, 2023
@RyanFitzSimmonsAK RyanFitzSimmonsAK added dependencies This issue is a problem in a dependency. p3 This is a minor priority issue duplicate This issue is a duplicate. and removed needs-triage This issue or PR still needs to be triaged. labels Jul 21, 2023
@RyanFitzSimmonsAK
Copy link
Contributor

Hi @anoora17, thanks for reaching out. wheel was added to dependabot tracking in May (#7904) the last time this was requested (#7896). A more recent version does still need to be tested before updating the pinned version. As mentioned in the issue I linked, AWS CLI is not affected by the vulnerability in 0.37.1, but they are still planning on updating the pin.

Hope that helps, and feel free to ask any follow-up questions in the issue I linked. Closing this one as a duplicate.

@RyanFitzSimmonsAK RyanFitzSimmonsAK closed this as not planned Won't fix, can't repro, duplicate, stale Jul 21, 2023
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RyanFitzSimmonsAK RyanFitzSimmonsAK

Labels
dependencies This issue is a problem in a dependency. duplicate This issue is a duplicate. feature-request A feature should be added or improved. p3 This is a minor priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anoora17 @RyanFitzSimmonsAK