Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azure-eventhub-checkpointstoreblob-aio - embeds outdated code for azure-storage-blobs #39021

Open
ma-te-o opened this issue Jan 3, 2025 · 1 comment
Open

azure-eventhub-checkpointstoreblob-aio - embeds outdated code for azure-storage-blobs #39021

ma-te-o opened this issue Jan 3, 2025 · 1 comment
Assignees
@kashifkhan
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. Event Hubs Messaging Messaging crew needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@ma-te-o
Copy link

ma-te-o commented Jan 3, 2025

Package azure-eventhub-checkpointstoreblob-aio seems to embed code for azure-storage-blob instead of importing from respective package. The point is that the version included is quite old and vulnerable. While the latest package of azure-storage-blob (12.24.0) is free from known vulnerabilities, the one included in azure-eventhub-checkpointstoreblob-aio (latest 1.1.4) shows issues identified in 2022.
@github-actions github-actions bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jan 3, 2025
@xiangyan99 xiangyan99 added Event Hubs Client This issue points to a problem in the data-plane of the library. and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Jan 3, 2025
@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Jan 3, 2025
@xiangyan99
Copy link
Member

Thanks for the feedback, we’ll investigate asap.

@kashifkhan kashifkhan added the Messaging Messaging crew label Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kashifkhan kashifkhan

Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. Event Hubs Messaging Messaging crew needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kashifkhan @xiangyan99 @ma-te-o