Drop dependency on rope; CVE-2014-3539 fix pending 4 years now #1366
Assignees
Comments
gsemet
added a commit
that referenced
this issue
Jul 31, 2018
Fix #1366 + freeze pip and pipenv Signed-off-by: Gaetan Semet <[email protected]>
Closed
gsemet
added a commit
that referenced
this issue
Sep 3, 2018
Fix #1366 + freeze pip and pipenv Signed-off-by: Gaetan Semet <[email protected]>
gsemet
added a commit
that referenced
this issue
Sep 3, 2018
Fix #1366 + freeze pip and pipenv Signed-off-by: Gaetan Semet <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey, @gsemet
I see you're doing great job maintaining Guake. Can you please look if it's possible to get rid of the dependency on the
ropemodule? Because of this: python-rope/rope#105 -- years have passed, no RCE fix merged still.Even though it's only a dev-dependency -- I guess nobody wants to get hacked while working on a small feature/fix to Guake just because we couldn't get out crap together.
cc @pypingou @clarete
The text was updated successfully, but these errors were encountered: