How to deal with vulnerabilities that won't be resolved anytime soon? #593

Closed
sebastian-philipp opened this issue Apr 13, 2023 · 1 comment
Labels: enhancement (New feature or request)


sebastian-philipp commented Apr 13, 2023

Hi,

I'm dealing with pytest-dev/py#293 right now:

$ pip-audit -r constraints.txt
Found 1 known vulnerabilities in 1 package
Name         Version ID                  Fix Versions
------------ ------- ------------------- -------------------
py           1.11.0  PYSEC-2022-42969

But it turns out that this is a very low-impact issue and won't be resolved given the maintenance status of py. I know there is a --ignore-vuln, but I'd like to ask for a best practice to deal with this, given that py is a package used in many, many projects and is affected by a low-priority vuln that will likely never be fixed.

See also: pytest-dev/py#287 (comment)

@sebastian-philipp sebastian-philipp added the enhancement New feature or request label Apr 13, 2023
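The trade-off the issue raises is between an --ignore-vuln that silently suppresses a finding forever and a build that fails on something upstream will never fix. A common way to handle it is a documented, time-boxed allowlist: each accepted finding carries an owner, a reason and an expiry date, the accepted IDs are turned into --ignore-vuln arguments, and CI fails again once the acceptance lapses. The script below is an added example, not code from pip-audit or from this issue. It assumes pip-audit's `--format json` report has the shape sketched in SAMPLE_REPORT (a "dependencies" list whose entries carry "name", "version" and "vulns", each vuln with "id" and "fix_versions"); the report and the allowlist entry are constructed for the example, mirroring the py 1.11.0 / PYSEC-2022-42969 finding shown above.

```python
"""Triage pip-audit JSON findings against an expiring allowlist.

Added example, not pip-audit's own code. Assumed report shape: see SAMPLE_REPORT.
"""
import json
from datetime import date

# Constructed sample report mirroring the issue's finding (py 1.11.0,
# PYSEC-2022-42969, no fix version). In real use, feed in the output of:
#   pip-audit -r constraints.txt --format json
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "py", "version": "1.11.0",
         "vulns": [{"id": "PYSEC-2022-42969", "fix_versions": [], "aliases": []}]},
        {"name": "requests", "version": "2.31.0", "vulns": []},
    ],
    "fixes": [],
})

# Constructed allowlist. Every accepted risk names the package it applies to,
# who accepted it, why, and when the acceptance must be re-evaluated, so the
# exception is revisited instead of becoming a permanent blind spot.
ALLOWLIST = {
    "PYSEC-2022-42969": {
        "package": "py",
        "owner": "platform-team",
        "reason": "Low impact per triage; upstream py is unmaintained and no fix is expected",
        "expires": "2024-01-01",
    },
}


def triage(report_json: str, allowlist: dict, today: str) -> dict:
    """Split findings into 'blocking', 'accepted' and 'expired' buckets.

    A finding is accepted only if its ID is allowlisted for the same package
    and the entry has not expired on `today` (ISO date). Expired entries are
    reported separately so CI fails loudly when a risk acceptance lapses.
    """
    today_d = date.fromisoformat(today)
    report = json.loads(report_json)
    result = {"blocking": [], "accepted": [], "expired": []}
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            finding = {"package": dep["name"], "version": dep["version"],
                       "id": vuln["id"], "fix_versions": vuln.get("fix_versions", [])}
            entry = allowlist.get(vuln["id"])
            if entry is None or entry["package"] != dep["name"]:
                # Unknown finding, or an ID allowlisted for a different package.
                result["blocking"].append(finding)
            elif date.fromisoformat(entry["expires"]) < today_d:
                result["expired"].append(finding)
            else:
                result["accepted"].append(finding)
    return result


def ignore_args(result: dict) -> list:
    """Build the --ignore-vuln arguments for the currently accepted IDs."""
    args = []
    for finding in result["accepted"]:
        args += ["--ignore-vuln", finding["id"]]
    return args


def exit_code(result: dict) -> int:
    """Non-zero when any finding blocks the build or an acceptance has expired."""
    return 1 if result["blocking"] or result["expired"] else 0


if __name__ == "__main__":
    res = triage(SAMPLE_REPORT, ALLOWLIST, date.today().isoformat())
    for bucket, items in res.items():
        for f in items:
            print(f"{bucket:9} {f['package']} {f['version']} {f['id']}")
    print("pip-audit extra args:", " ".join(ignore_args(res)))
    raise SystemExit(exit_code(res))
```

Run against a live report, the accepted IDs are passed back to a second pip-audit invocation via the generated --ignore-vuln arguments, while the "expired" bucket forces someone to re-confirm that the finding is still low impact before the build goes green again.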
sebastian-philipp (Author) commented

Seems to be solved by pytest 7.2.0.
