Comments (2)
tracyboehrer
commented on June 13, 2024
This is somewhat under dispute. pickle in Python itself would have the same behavior. The use case in SDK is that it's used to serialize objects in ConversationState to storage (Blobs or CosmosDB). We could clear the alert by implementing our own serialization, but the behavior would be exactly the same.
from botbuilder-python.
tracyboehrer
commented on June 13, 2024
Switching to version later that 1.4.2 do not change the alert for us. I really didn't expect it to.
Given:
"Both jsonpickle and pickle are documented as being able to execute arbitrary code when loading pickles, and intended for use only with trusted data. This is expected behaviour, as clearly indicated in the jsonpickle README and at https://docs.python.org/3/library/pickle.html"
And that this is only being used when storing/retrieving data for ConversationState and UserState (a trusted source), it is not of high risk.
We can continue to look for an alternative solution, but in the end it will still perform the same type actions.
from botbuilder-python.
Related Issues (20)
- port: CertificateServiceClientCredentialsFactory
- Ability to pass BotFrameworkConnectorConfiguration into ConfigurationBotFrameworkAuthentication
- Add AllowedCallersClaimsValidator, AllowedSkillsClaimsValidator
- ESRP in build pipelines HOT 1
- aiohttp.web_exceptions.HTTPNotFound: Not Found HOT 7
- Recommended change to 3.8.6 or above HOT 2
- CloudAdapter' object has no attribute 'create_connector_client' HOT 13
- Add connect_named_pipe method to CloudAdapter in support of DirectLine Speech
- Can't deploy echo-bot.py. ModuleNotFoundError: No module named 'aiohttp' HOT 3
- botbuilder-integration-aiohttp - Python 3.12 compatibility HOT 4
- TeamsChannelAccount model missing aadObjectId
- Bot gives same response multiple times when deployed with azure bot service HOT 4
- BotBuilder-Python SSO not working HOT 5
- SSO: AttributeError: 'CloudAdapter' object has no attribute 'exchange_token' HOT 2
- Occasional unexpected ConversationNotFound
- AttributeError: 'CloudAdapter' object has no attribute 'sign_out_user' HOT 4
- Starting from 4.15.0 - <Request POST /api/messages > has failed with exception: KeyError('access_token') HOT 3
- Need to upgrade aiohttp dependency to 3.9.4 HOT 1
- use managed identity in Python bot HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from botbuilder-python.