PyPi: Mesop

CVE-2024-5569

Transitive

Safety vulnerability ID: 74469

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 09, 2024 Updated at Feb 14, 2025

Advisory

Mesop 0.13.0 updates its dependency 'zipp' from 3.15.0 to 3.19.1 to include a security fix.

Affected package

mesop

Latest version: 0.14.1

Build UIs in Python

Affected versions

Fixed versions

Vulnerability changelog

Summary

- Unships the editor/dev tools (only affects editor/debug mode) due to low usage and inherent limitations with the tooling.
- Fixes a significant perf issue related to components rendering; see #1136 for details.

What's Changed
* Skip unnecessary trace render loop in WebSockets mode by wwwillchen in https://github.com/google/mesop/pull/1123
* Remove unused handler code from Runtime/Context by wwwillchen in https://github.com/google/mesop/pull/1122
* Change context import to be absolute in runtime.py by wwwillchen in https://github.com/google/mesop/pull/1124
* Bump aiohttp from 3.10.5 to 3.10.11 in /ai/docbot in the pip group across 1 directory by dependabot in https://github.com/google/mesop/pull/1108
* Bump marked from 14.1.3 to 14.1.4 in the npm_and_yarn group by dependabot in https://github.com/google/mesop/pull/1107
* [Snyk] Fix for 10 vulnerabilities by wwwillchen in https://github.com/google/mesop/pull/1091
* [Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 by wwwillchen in https://github.com/google/mesop/pull/1084
* Fix CI deployments (loosen pip requirements & remove unnecessary pip … by wwwillchen in https://github.com/google/mesop/pull/1127
* Allow blob as a valid origin for img/media by wwwillchen in https://github.com/google/mesop/pull/1131
* Do not render expansion panel description if unused by wwwillchen in https://github.com/google/mesop/pull/1129
* Unship devtools/editor-related code by wwwillchen in https://github.com/google/mesop/pull/1135
* Fixes major memory leak in component renderer by wwwillchen in https://github.com/google/mesop/pull/1136
* Restore hot reload functionality by wwwillchen in https://github.com/google/mesop/pull/1138
* Bump to 0.12.10rc1 by wwwillchen in https://github.com/google/mesop/pull/1139
* Restore hot reload keyboard shortcut by wwwillchen in https://github.com/google/mesop/pull/1140
* 0.13.0rc1 by wwwillchen in https://github.com/google/mesop/pull/1141


**Full Changelog**: https://github.com/google/mesop/compare/v0.12.9...v0.13.0
