Safety vulnerability ID: 67088
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Pinecone-client 2.2.2 raises its numpy dependency constraint to version 1.22.0 or higher to address the low-severity vulnerability CVE-2021-34141.
Latest version: 6.0.0
Pinecone client (DEPRECATED)
Changelog
Security Fixes
- Changed the `numpy` dependency from unpinned to `>=1.22.0` to address the low-severity [CVE-2021-34141](https://www.cve.org/CVERecord?id=CVE-2021-34141).
- Changed the `protobuf` dependency from `3.19.3` to `~=3.19.5` to address [a potential denial-of-service vector](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf). This only affects those consuming the grpc-flavored version of the client via `pinecone-client[grpc]`.
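A small checker for the two constraints above, added here as an example (not code from the pinecone-client project or from Safety). It evaluates the `>=` and `~=` specifiers exactly as they appear in the changelog, so that an environment still carrying an unpinned numpy or the old `protobuf==3.19.3` is flagged; the sample environment and the `audit` helper are constructed for illustration.

```python
"""Check pinned dependency versions against the pinecone-client 2.2.2
constraints: numpy>=1.22.0 and protobuf~=3.19.5 (from the changelog above)."""
from typing import Dict, Optional, Tuple

# Constraints quoted from the 2.2.2 changelog; before 2.2.2 numpy was unpinned.
PINECONE_2_2_2_CONSTRAINTS = {
    "numpy": ">=1.22.0",
    "protobuf": "~=3.19.5",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Release segment only ('3.19.5' -> (3, 19, 5)).
    Assumption: plain dotted release versions, which is all this check needs."""
    return tuple(int(part) for part in v.split("."))


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    # PEP 440 treats 1.22 and 1.22.0 as equal, so pad with zeros before comparing.
    return v + (0,) * (n - len(v))


def satisfies(installed: str, spec: str) -> bool:
    """Evaluate one specifier of the kinds used on this page.
    '~=3.19.5' is the compatible-release clause: >=3.19.5 and ==3.19.*,
    so 3.19.6 passes while 3.19.3 and 3.20.0 both fail."""
    for op in ("~=", ">=", "=="):
        if spec.startswith(op):
            target = spec[len(op):]
            break
    else:
        raise ValueError(f"unsupported specifier: {spec}")
    want = parse_version(target)
    prefix = len(want) - 1  # components that must match for ~=
    n = max(len(want), len(parse_version(installed)))
    have, want = _pad(parse_version(installed), n), _pad(want, n)
    if op == ">=":
        return have >= want
    if op == "==":
        return have == want
    return have >= want and have[:prefix] == want[:prefix]


def audit(installed: Dict[str, str]) -> Dict[str, Tuple[Optional[str], str, bool]]:
    """Map each constrained package to (installed version, spec, ok).
    A package missing from `installed` is reported as not ok."""
    report = {}
    for pkg, spec in PINECONE_2_2_2_CONSTRAINTS.items():
        ver = installed.get(pkg)
        report[pkg] = (ver, spec, ver is not None and satisfies(ver, spec))
    return report


# Constructed sample environment (not from the page): a typical pre-2.2.2 install.
SAMPLE_ENV = {"numpy": "1.21.6", "protobuf": "3.19.3"}
```

Running `audit(SAMPLE_ENV)` reports both packages as failing, which is the state a pre-2.2.2 install with the old protobuf pin would be in.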
Numpy features deprecated
We plan to remove our dependency on numpy in a future release to simplify the install experience. Deprecation warnings have been added to code paths where numpy is currently in use. Let us know if you have concerns about this.
End of Python 3.7 Support
We have also removed support for Python 3.7 which has reached the [official end-of-life](https://peps.python.org/pep-0537/). The last version of the `pinecone-client` to support Python 3.7 is v2.2.1. Our `numpy` dependency forced our hand in this decision to drop support because numpy 1.22.0 [no longer supports Python 3.7](https://numpy.org/devdocs/release/1.22.0-notes.html#python-3-7-is-no-longer-supported).