Member

Due to an upstream issue, we had to skip CVE-2023-5752 to fix CI:

• Fix CI: ignore CVE-2023-5752 #102

The issue has now been fixed and released in the actions/python-versions repo:

• fix: use --upgrade rather than --ignore-installed to upgrade pip actions/python-versions#268
• Use --upgrade instead of --ignore-installed to upgrade pip. actions/python-versions#254

The actions/setup-python repo still doesn't have a release, even though the issue should be fixed:

• Remove leftover pip-23.2.dist-info in site-packages actions/setup-python#785

Since there is no setup-python release yet, the CI for this PR might fail. I created it as a reminder to remove the skip and to test whether the issue is actually fixed.

Member

Good to hear! Let's convert to draft until the next actions/setup-python release.

Merge branch 'main' into revert-102

f92b6e7

Merge branch 'main' into revert-102

d2525e6

Member Author

Looks like this is working now. Unfortunately we had to add another --ignore in #129, so I'll create another PR for that.

View reviewed changes

Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.