PyPi: Civis

CVE-2024-35195

Transitive

Safety vulnerability ID: 71529

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 20, 2024. Updated at Nov 29, 2024.

Advisory

Dwave-cloud-client version 0.12.0 increases the minimum required version of requests to 2.32.3 due to a security vulnerability in versions below 2.32.0, identified as CVE-2024-35195.

Affected package

civis

Latest version: 2.4.1

Civis API Python Client

Affected versions

Fixed versions

Vulnerability changelog

Added
- Added a script for checking if the Civis API spec is up-to-date. (489)
- Added a new keyword argument `sql_params_arguments` to the `civis.io.*` functions that
accept a SQL query, so that the user can run a parameterized SQL script. (493)

Changed
- Refactored the `civis.parallel` module and related unit tests due to major changes
of joblib from v1.2.0 to v1.3.0 (API-breaking changes for dropping
`joblib.my_exceptions.TransportableException` and `joblib.format_stack.format_exc`,
as well as the substantial changes to the internals of `joblib.Parallel`). (488)
- Bumped the minimum required version of `joblib` to v1.3.0,
which is the version where `joblib.parallel_config` was introduced and
`joblib.parallel_backend` was deprecated. (488)
- Improved the startup time of `import civis` with a 5x speed boost. (490, 493)
- The downloaded API spec due to the `civis.APIClient` instantiation is now
a time-to-live cache in memory (15 minutes for interactive Python, or 24 hours in scripts). (491)
- Polling at `PollableResult` (and consequently its subclasses as well: `CivisFuture`,
`ContainerFuture`, and `ModelFuture`) now defaults to geometrically increased polling
intervals. Short-running jobs' `future.result()` can now return faster, while
longer-running jobs have a capped polling interval of 15 seconds. (492)
- Comparing a `Response` object with a non-`Response` object returns `False` now
(this previously raised a `TypeError`). (493)

Fixed
- Fixed `civis.parallel.make_backend_template_factory` so that
keyword arguments are now accepted and passed to `client.scripts.post_custom`. (488)
- For `Response` objects, their "repr" form shows the class name "Response" for both
top-level and nested response objects. (493)

Security
- Bumped the minimum required version of `requests` to the latest v2.32.3,
due to a security vulnerability for < v2.32.0
([CVE-2024-35195](https://nvd.nist.gov/vuln/detail/CVE-2024-35195)). (#488)
