CVE-2021-29510

Advisory

Compliance-trestle 0.15.0 updates its dependency 'pydantic' to 1.8.2 for an security issue.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Feature
* Added error checking and enforce 1 to 1 keys in header validation ([512](https://github.com/IBM/compliance-trestle/issues/512)) ([`da95862`](https://github.com/IBM/compliance-trestle/commit/da958620ffca76cbfae1762159a7ca51007c8b88))
* Role ID cross reference validator and refactors to validators to allow all ([`c894704`](https://github.com/IBM/compliance-trestle/commit/c894704875ae54e8376fb50d62cd064f1d293b66))
* Roleid validation via ncname and parametrized tests ([499](https://github.com/IBM/compliance-trestle/issues/499)) ([`84dc9a2`](https://github.com/IBM/compliance-trestle/commit/84dc9a293e35f1c4010a38c7ecc8f99e5fa7dfb2))

Fix
* Upgrade pydantic to 1.8.2 for security issue ([513](https://github.com/IBM/compliance-trestle/issues/513)) ([`6e01f36`](https://github.com/IBM/compliance-trestle/commit/6e01f36cc6fdfd8b14d453f470968ad7ea4164fa))
* Remove problematic code-QL plugin which is causing problems. ([507](https://github.com/IBM/compliance-trestle/issues/507)) ([`47529a7`](https://github.com/IBM/compliance-trestle/commit/47529a7714f0c99bb711033ca1863651de99dbf5))

Resources

• https://pypi.org/project/compliance-trestle
• https://pyup.io/changelogs/compliance-trestle/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29510