Skip to content

Request to Patch/Review Security/Vulnerability Fixes #97

Description

@Brandr0id

Hey team,

Several of the dependencies pulled in by the dataplane library that are used to build, test, or otherwise execute as part of the B&A or KV build process currently include known vulnerabilities. While these are low-risk given the nature of the libraries usage and tools in the build process there are patches and fixes in these dependencies available.

We have created PRs to aide with easy to review/merge patches to bump these dependencies while validating existing functionality still builds and runs along with checked in test coverage. Can you please review/merge these PRs and merge or add comments as appropriate? We are happy address any feedback in a timely manner or change the approach if it is desired. If you have guidance/insight into how better to contribute or where pain points may be in accepting contributions from developers already covered by a Google CLA please advise.

Open PRs with Fixes:
privacysandbox/data-plane-shared-libraries#12
Fixes CVE-2024-41110 - https://nvd.nist.gov/vuln/detail/CVE-2024-41110

privacysandbox/data-plane-shared-libraries#13
Fixes CVE-2023-36665 - https://nvd.nist.gov/vuln/detail/CVE-2023-36665

privacysandbox/data-plane-shared-libraries#14
Fixes CVE-2024-41110 - https://nvd.nist.gov/vuln/detail/CVE-2024-41110

CC: @chatterjee-priyanka @michaelkleber

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions