Add module py back and ignore the vulnerability 51457 #109

Merged
merged 4 commits into from
Mar 27, 2023

@can-sun can-sun commented Mar 27, 2023

Issue #, if available:

Verified that pytest-parallel has a dependency on pylib and for some reason, pytest-parallel is not installing it correctly.

Issue can be found here kevlened/pytest-parallel#118

The workaround is adding pylib manually in the Pipfile; however, 1.11.0 (latest) fails the vulnerability check, which should be ignored as recommended by the author of the module.

+================================================================================================================================+
 VULNERABILITIES FOUND
+================================================================================================================================+

-> Vulnerability found in py version 1.11.0
   Vulnerability ID: 51457
   This vulnerability is being ignored.
   For more information, please visit https://pyup.io/v/51457/f17

 Scan was completed. 0 vulnerabilities were found. 1 vulnerability from 1 package was ignored.

+================================================================================================================================+

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

# temporarily bypass py=1.1.0 because pytest-parallel has a dependency on it however the module is no longer maitained.
# In the future the pylib will be removed from pytest-parallel dependency and 51457 should only impact the local tests.
# For more info, https://github.com/pytest-dev/py/issues/287
pipenv run safety check -i 43975 -i 51457 # https://github.com/pyupio/safety
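
Review bot: The first comment line names py=1.1.0, but the safety output in the PR description reports py version 1.11.0, so the stated reason does not match the package the ignore actually covers; correct the version (and the "maitained" typo) so a later reader can tell which release the exception was granted for. The comment also calls the bypass temporary without giving a removal condition, so state when `-i 51457` should be dropped, for example once pytest-parallel no longer depends on py, and link the pytest-parallel issue cited in the description next to the pytest-dev/py one. Only 51457 is explained in these lines; if `-i 43975` has no justification elsewhere in the file, give it one here as well.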

The ignore is recommended by the author. So temp to approve this to unblock Can's MCM.

@mahendruajay mahendruajay merged commit 104cbf4 into aws:master Mar 27, 2023