tox has a direct dependency on py which is somewhat unmaintained and has had a dodgy CVE filed against it.
output of `pipenv graph` (but really, the py dep is visible in setup.cfg, too).

```
tox==3.27.0
  - colorama [required: >=0.4.1, installed: 0.4.6]
  ...
  - py [required: >=1.4.17, installed: 1.11.0]
  - six [required: >=1.14.0, installed: 1.16.0]
```
Pytest also had a dependency on `py` and decided to vendorize the parts they needed. There is a whole video about the issue: https://www.youtube.com/watch?v=aZS3_-y6vsg
The workaround is to tell everyone to convince the corporate security team to ignore this CVE, which I guess works but scales poorly.
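To see which installed packages pull in `py` (directly, as tox does here, or through an intermediate dependency), the following added example walks the requirement metadata of an environment and reports every dependency chain to a target distribution. It is not code from the tox project; the `SAMPLE_GRAPH` below is constructed from the `pipenv graph` output quoted above, and `installed_graph()` reads whatever environment the script runs in.

```python
"""Report every dependency chain from a root distribution to a target one."""
import re
from importlib import metadata
from typing import Dict, List

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'Py', 'py' and 'PY' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(spec: str) -> str:
    """Distribution name from a requirement string such as
    'py>=1.4.17' or 'colorama>=0.4.1; platform_system == "Windows"'."""
    m = _NAME.match(spec)
    return normalize(m.group(1)) if m else ""


def dependency_paths(graph: Dict[str, List[str]], root: str, target: str) -> List[List[str]]:
    """Depth-first search returning every chain root -> ... -> target.
    `graph` maps a normalised distribution name to its requirement strings.
    Requirements that only apply to an optional extra are skipped."""
    root, target = normalize(root), normalize(target)
    found: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == target:
            found.append(path)
            return
        for spec in graph.get(node, []):
            if "extra ==" in spec:          # optional extra, not a hard dependency
                continue
            dep = requirement_name(spec)
            if dep and dep not in path:     # guard against dependency cycles
                walk(dep, path + [dep])

    walk(root, [root])
    return found


def installed_graph() -> Dict[str, List[str]]:
    """Build the graph from the metadata of the current environment."""
    return {normalize(d.metadata["Name"]): list(d.requires or [])
            for d in metadata.distributions()}


# Constructed sample mirroring the pipenv graph output quoted in the issue.
SAMPLE_GRAPH = {
    "tox": ["colorama>=0.4.1", "py>=1.4.17", "six>=1.14.0"],
    "colorama": [], "py": [], "six": [],
}

if __name__ == "__main__":
    for chain in dependency_paths(installed_graph(), "tox", "py"):
        print(" -> ".join(chain))
```

Run it inside the environment under review; an empty result for a given root means that package no longer reaches `py` through any hard dependency.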
Duplicate of #2524.
Btw the linked video was created by a maintainer of tox :-)