Upgrade out of CVEs


I’m using a Trivy image scan to detect vulnerabilities in my project and noticed that there are a few vulnerabilities being detected inside the Temporal Python SDK. Actually, they appear to be nested fairly deep in the Rust libraries.


Is it possible to upgrade out of these in the next SDK release?

Yes, see [Feature Request] Update rustls and mio in Rust dependencies · Issue #520 · temporalio/sdk-python · GitHub. We will look to do this before the next release.