Version 3005.2 is a CVE security fix release for 3005.
Additional required package upgrades
It's now pyzmq>=20.0.0 on all platforms, and <=22.0.3 just for windows.
Upgrade to pyopenssl==23.0.0 due to the cryptography upgrade. (#63757)
fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection (cve-2023-20897)
Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. (cve-2023-20898)
Upgrade to requests==2.31.0
Upgrade to cryptography==41.0.3`(and therefor `pyopenssl==23.2.0 due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
Also resolves the following cryptography advisories:
There is no security upgrade available for Py3.5 (#64595)
Bump to certifi==2023.07.22 due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
Python 3.5 cannot get the updated requirements since certifi no longer supports this python version (#64720)