Currently, the u-ade project is actively maintained and supports the latest minor versions.

We take the security of u-ade seriously. If you discover a security vulnerability within u-ade, please report it by opening an issue on our GitHub repository. We will acknowledge your report within 48 hours and provide a more detailed response within 72 hours.

Vulnerable Package: filelock Version: 3.19.1 (installed version in Python 3.9 environments) Identified Vulnerabilities:

• GHSA-w853-jp5j-5j7f
• GHSA-qmgc-5h2g-mvrw Root Cause: The patched versions of filelock (e.g., 3.20.1, 3.20.3) require Python 3.10 or newer. The current project configuration specifies requires-python = ">=3.9", leading to version 3.19.1 being installed in Python 3.9 environments. Impact: Refer to the respective GHSA advisories for details on the potential impact of these vulnerabilities. Mitigation/Recommendation:
• For environments constrained to Python 3.9, this vulnerability remains. Users should assess the risk based on their specific use case.
• Recommended Long-Term Fix: Upgrade the Python environment to 3.10 or newer to allow installation of patched filelock versions. This may require broader compatibility testing within the project.

Last Updated: 2026-01-26