The relevant CVEs are tracked with the joblib_project:joblib CPE, and the
default python:joblib CPE doesn't match it. Set CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where product like '%joblib%';
CVE-2022-21797|joblib_project|joblib|||1.1.1|<
CVE-2024-34997|joblib_project|joblib|1.4.2|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- The Memory object won't overwrite an already existing .gitignore file in its
cache directory anymore.
- Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive
memory allocation and potential crashes by limiting the allowed length of the
expression and the maximum numeric value of sub-expressions and not evaluating
expressions with non-numeric literals.
- Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined
abstract base classes and type annotations in Python 3.14+.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>