🚨 Fix security scanning for CVE-2022-42969
#819
Merged
Commits on Nov 21, 2022
-
🔒 Temporarily ignore CVE-2022-42969
Must remove dependence on transitive dependencies: ``` ❯ poetry show py name : py version : 1.11.0 description : library with cross-python path, ini-parsing, io, code, log facilities required by - pytest-forked * - pyzmq * - tox >=1.4.17 ``` Note: - `pytest-forked` removed as of tox `3.0.0` - tox does not use affected part of the library, and 4.0 will remove py dependency completely.
-
🍪 🔒 Ignore CVE-2022-42969 until tox 4.0
Used by tox: ``` ❯ poetry show py name : py version : 1.11.0 description : library with cross-python path, ini-parsing, io, code, log facilities required by - tox >=1.4.17 ``` But tox does not use the affected part of the library - ref: tox-dev/tox#2524 (comment)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.