@mhucka mhucka commented Feb 22, 2025

The Python tqdm package prior to version 4.11.2 has a vulnerability
that could allow attackers to execute arbitrary code, as documented in
this security advisory:

- https://osv.dev/vulnerability/PYSEC-2017-74

Increasing the minimum version to 4.12 or higher seems like the
easiest solution.
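
One way to check that a requirements file no longer admits a pre-fix tqdm release, as an added example that is not part of this pull request or of Cirq's code. The function names and the sample lines are hypothetical and constructed for illustration; the fixed version 4.11.2 is taken from the description above.

```python
import re

FIXED = (4, 11, 2)  # first fixed tqdm release, per the description above

# Operators that exclude every release below the stated version.
CLAUSE = re.compile(r"^(>=|==|~=|>)\s*(\d+(?:\.\d+)*)$")
LINE = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$")


def parse_version(text):
    """'4.12' -> (4, 12, 0). Only plain numeric release versions are handled."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def permits_vulnerable(line):
    """Return True/False for a tqdm requirement line, None for any other line."""
    # Drop a trailing comment and any environment marker before parsing.
    body = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = LINE.match(body)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "tqdm":
        return None
    for clause in m.group(2).split(","):
        c = CLAUSE.match(clause.strip())
        if not c:
            continue  # '<', '<=', '!=', wildcards: these set no usable floor
        # A floor at or above FIXED rules out every affected release.
        if parse_version(c.group(2)) >= FIXED:
            return False
    return True  # nothing in the specifier excludes releases older than FIXED


def audit(lines):
    """Return the tqdm requirement lines that still admit a pre-fix release."""
    return [line for line in lines if permits_vulnerable(line)]


# Constructed sample of requirements-file lines (not taken from Cirq).
SAMPLE = [
    "numpy>=1.22",
    "tqdm",
    "tqdm>=4.10,<5",
    "tqdm==4.11.1",
    "tqdm[notebook]~=4.11.2",
    "tqdm>=4.12",
]

if __name__ == "__main__":
    for flagged in audit(SAMPLE):
        print("admits tqdm <", ".".join(map(str, FIXED)), "->", flagged)
```

The check is conservative: a specifier with no numeric floor at or above 4.11.2 is flagged even if a lock file would resolve it to a newer release.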
@CirqBot CirqBot added the Size: XS <10 lines changed label Feb 22, 2025
@mhucka mhucka marked this pull request as ready for review February 22, 2025 18:23
@mhucka mhucka requested review from a team and vtomole as code owners February 22, 2025 18:23
@mhucka mhucka enabled auto-merge February 22, 2025 18:23
@mhucka mhucka self-assigned this Feb 22, 2025
@mhucka mhucka requested a review from pavoljuhas February 22, 2025 18:24
codecov bot commented Feb 22, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.18%. Comparing base (a2bf6e8) to head (e53d5a8).
Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7076   +/-   ##
=======================================
  Coverage   98.18%   98.18%           
=======================================
  Files        1089     1089           
  Lines       95237    95237           
=======================================
  Hits        93508    93508           
  Misses       1729     1729           

@mhucka mhucka added this pull request to the merge queue Feb 24, 2025
Merged via the queue into quantumlib:main with commit e3b46a1 Feb 24, 2025
38 checks passed
@mhucka mhucka deleted the mh-PYSEC-2017-74 branch February 24, 2025 05:52
BichengYing pushed a commit to BichengYing/Cirq that referenced this pull request Jun 20, 2025