PyPI: Ultralytics-Actions

CVE-2024-35195

Transitive (the vulnerable code is in the `requests` dependency, not in ultralytics-actions itself)

Safety vulnerability ID: 74821

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 20, 2024
Updated at Apr 02, 2025

Advisory

The ultralytics-actions package has been updated to require the `requests` library at version 2.32.3 or higher. This dependency floor was raised to address the security vulnerability in `requests` identified by CVE-2024-35195.

Affected package

ultralytics-actions

Latest version: 0.0.61

Ultralytics Actions for GitHub automation and PR management.

Affected versions

Fixed versions

Vulnerability changelog

🌟 Summary
The `v0.0.35` release updates dependencies, optimizes workflows, and improves functionality, security, and compatibility, ensuring a smoother experience for developers and users. 🚀

---

📊 Key Changes
- **Dependency Updates**:
  - Upgraded `ruff` to `>=0.8.4` (previously `>=0.1.6`) for enhanced linting and code quality checks. 📦
  - Updated `requests` library to `>=2.32.3` for security fixes and improved stability. 🛡️
  - Bumped GitHub Action `astral-sh/setup-uv` to v5 for better pipeline efficiency and caching defaults. 🔄

- **Workflow Enhancements**:
  - Updated GitHub workflows (`format.yml` and `publish.yml`) to ensure token fallback reliability and utilize the latest action versions. ⚙️
  - Optimized formatting and package installation processes for macOS compatibility and minimized redundant installations. 🍎

- **Code Improvements**:
  - Broader URL validation support by adding domains like LinkedIn, Twitter, and Google Cloud Storage to the allowlist. 🌐
  - Modernized link checking with `requests.head` for better performance and simplified code. 🛠️
  - Multi-threaded link validation for faster processing. ⚡

---

🎯 Purpose & Impact
- **Improved Development Efficiency**: Keeping dependencies up to date ensures access to the latest features, security enhancements, and compatibility fixes. 🏗️
- **Enhanced Reliability**: Workflow improvements and better URL validation reduce potential errors and improve robustness in CI/CD pipelines. ✅
- **Faster Processing**: Multi-threaded URL checking ensures performance remains optimal for large datasets or projects with numerous links. 🚀
- **Simplified Maintenance**: Streamlining workflows, removing unused dependencies, and modernizing tools make the codebase leaner and easier to manage. 🧹

This release delivers critical quality-of-life updates to developers and reinforces the infrastructure to prevent potential issues while improving speed and adaptability. 📈

What's Changed
* Update format.yml by glenn-jocher in https://github.com/ultralytics/actions/pull/338
* Update `is_url` link checking by glenn-jocher in https://github.com/ultralytics/actions/pull/341
* Update `check_links_in_string` by glenn-jocher in https://github.com/ultralytics/actions/pull/342
* Update requests>=2.32.3 by glenn-jocher in https://github.com/ultralytics/actions/pull/344
* Bump astral-sh/setup-uv from 4 to 5 by dependabot[bot] in https://github.com/ultralytics/actions/pull/339
* Update format.yml by glenn-jocher in https://github.com/ultralytics/actions/pull/345
* Bump astral-sh/setup-uv from 4 to 5 in /.github/workflows by dependabot[bot] in https://github.com/ultralytics/actions/pull/340
* Update ruff>=0.8.4 by glenn-jocher in https://github.com/ultralytics/actions/pull/343
**Full Changelog**: https://github.com/ultralytics/actions/compare/v0.0.34...v0.0.35
