bump chiapos to 2.0.9rc1, with Earle's fix #19233

arvidn · 2025-02-05T15:32:23Z

Purpose:

Current Behavior:

New Behavior:

Testing Notes:

socket-security · 2025-02-05T15:34:10Z

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
pypi/[email protected] 🔁 pypi/[email protected]	Transitive: eval	`+2`	31.7 MB	chia-network

View full report↗︎

socket-security · 2025-02-05T15:34:13Z

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

wjblanke

aok

emlowe · 2025-02-05T18:27:40Z

@SocketSecurity ignore pypi/[email protected]

bump chiapos to 2.0.9rc1, with Earle's fix

cfbc593

arvidn requested a review from a team as a code owner February 5, 2025 15:32

arvidn requested a review from wjblanke February 5, 2025 15:33

arvidn added the Fixed Required label for PR that categorizes merge commit message as "Fixed" for changelog label Feb 5, 2025

wjblanke approved these changes Feb 5, 2025

View reviewed changes

arvidn added the ready_to_merge Submitter and reviewers think this is ready label Feb 5, 2025

pmaslana merged commit 6ad6896 into release/2.5.1 Feb 5, 2025
865 of 868 checks passed

pmaslana deleted the fixed-chiapos branch February 5, 2025 21:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bump chiapos to 2.0.9rc1, with Earle's fix #19233

bump chiapos to 2.0.9rc1, with Earle's fix #19233

arvidn commented Feb 5, 2025

socket-security bot commented Feb 5, 2025 •

edited

Loading

socket-security bot commented Feb 5, 2025 •

edited

Loading

wjblanke left a comment

emlowe commented Feb 5, 2025

bump chiapos to 2.0.9rc1, with Earle's fix #19233

bump chiapos to 2.0.9rc1, with Earle's fix #19233

Conversation

arvidn commented Feb 5, 2025

Purpose:

Current Behavior:

New Behavior:

Testing Notes:

socket-security bot commented Feb 5, 2025 • edited Loading

socket-security bot commented Feb 5, 2025 • edited Loading

Next steps

wjblanke left a comment

Choose a reason for hiding this comment

emlowe commented Feb 5, 2025

socket-security bot commented Feb 5, 2025 •

edited

Loading

socket-security bot commented Feb 5, 2025 •

edited

Loading