🚨 Fix security scanning for CVE-2022-42969 #819

Merged
merged 2 commits into from Nov 21, 2022

@TeoZosa TeoZosa (Owner) commented Nov 21, 2022

WHAT

SSIA.

WHY

Unapplicable to this project. Mostly related to, but tox does not use the affected part of the library.

Must remove dependence on transitive dependencies:
```
❯ poetry show py
 name         : py
 version      : 1.11.0
 description  : library with cross-python path, ini-parsing, io, code, log facilities

required by
 - pytest-forked *
 - pyzmq *
 - tox >=1.4.17
```

Note:
  - `pytest-forked` removed as of tox `3.0.0`
  - tox does not use affected part of the library, and 4.0 will remove py dependency completely.

Used by tox:
```
❯ poetry show py
 name         : py
 version      : 1.11.0
 description  : library with cross-python path, ini-parsing, io, code, log facilities

required by
 - tox >=1.4.17
```

But tox does not use the affected part of the library
- ref: tox-dev/tox#2524 (comment)
@TeoZosa TeoZosa self-assigned this Nov 21, 2022
@TeoZosa TeoZosa added the cookiecutter (Changes outside of the template directory) and testing (Adding missing tests or correcting existing tests) labels Nov 21, 2022
@TeoZosa TeoZosa merged commit 051a9a1 into master Nov 21, 2022
@TeoZosa TeoZosa deleted the security/cve-2022-42969 branch November 21, 2022 01:02