PyPi: Geoschem-Gcpy

CVE-2024-56326

Transitive

Safety vulnerability ID: 75248

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 23, 2024 Updated at Jan 30, 2025

Advisory

Geoschem-gcpy updates `jinja` to 3.1.5 because of CVE-2024-56326.

Affected package

geoschem-gcpy

Latest version: 1.6.0


Affected versions

Fixed versions

Vulnerability changelog

Added
- Added example script `gcpy/examples/hemco/make_hemco_sa_spec.py` (creates the HEMCO standalone configuration file `HEMCO_sa_Spec.rc`)
- Added module `benchmark_gcclassic_stats.py` for scraping statistics from GEOS-Chem Classic cloud benchmarks
- Added dry deposition velocity comparison plots in 1-month cloud benchmarks
- Added `gcpy/benchmark/modules/benchmark_species_changes.py` to compute the table of species changes between versions
- Added `gcpy/kpp/` folder containing scripts to plot output from the KPP-Standalone box model
- Added ReadTheDocs documentation for plotting output from the KPP-Standalone box model

Changed
- Changed format of `% diff` column from `12.3e` to `12.3f` in benchmark timing tables
- Updated `gcpy/benchmark/modules/emission_species.yml` file with emission species for GEOS-Chem 14.5.0
- Updated `gcpy/benchmark/modules/benchmark_categories.yml` with the latest categories for GEOS-Chem 14.5.0
- Updated `gcpy/benchmark/modules/lumped_species.yml` with speciations for GEOS-Chem 14.5.0
- Add `DryDep` to list of collections included in benchmark summary table
- Updated `checkout` GitHub action to v4
- Updated `CodeQL` GitHub action to v3
- Updated `publish-python` GitHub action to v5
- In environment files `gcpy_environment.yml` and `gcpy_requirements.txt`:
  - Update `python` to 3.12.0
  - Update `xesmf` to 0.8.5
  - Update `esmf` and `esmpy` to 8.6.1
- In environment files `read_the_docs_environment.yml` and `read_the_docs_requirements.txt`:
  - Update `jinja` to 3.1.5 (fixes a security issue)
- Update `gcpy/setup.py` with the new Python package version numbers
- Updated code in `gcpy/benchmark/modules/` to replace whitespace in Ref and Dev labels with underscores

Fixed
- Fixed formatting error in `.github/workflows/stale.yml` that caused the Mark Stale Issues action not to run
- Now flag differences greater than +/- 10% in benchmark timing table outputs
- Fixed error in computation of dynamic ratio plot min & max values in `plot/six_plot.py`
- Fixed erroneous species classification in `gcpy/benchmark/modules/benchmark_categories.yml`
- Fixed type errors in `calc_rectilinear_lon_edge` and `calc_rectangular_lat_edge` by casting the length of the output array from `float` to `int`

Removed
- Removed `gcpy/benchmark/modules/species_database.yml` file and corresponding code pointing to this
