py==1.11.0 vulnerability #80

Closed
thebaptiste opened this issue Jan 12, 2023 · 3 comments

thebaptiste commented Jan 12, 2023

Hello

It would be great to remove the dependency on the py library, which is no longer maintained and has a security issue:

See pytest-dev/py#287

Regards

@webknjaz
Member

Who said that it's not maintained? The description there literally says "maintenance mode".
Also, can you explain in what way it can realistically be harmful to this plugin?

@thebaptiste
Author

thebaptiste commented Jan 13, 2023

You are right, I'm wrong, I was misled by this issue on pytest-html.
This vulnerability on py is most likely not very harmful for the pytest-forked plugin (I had not read all the comments on it).
Sorry for the noise, you can close.

@nicoddemus
Member

Thanks @thebaptiste,

That security vulnerability does not apply to pytest-fork, as it does not use py.svn.

However, it is certainly in our interest to remove the dependency on py. 👍
