-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pinned requests library is vulnerable #56
Comments
And the ciscoisesdk can't be installed in an ansible project which uses ansible-lint in a version newer than vscode ➜ /workspaces/cisco_ise_operation (release/1.0.0) $ poetry add ciscoisesdk
Skipping virtualenv creation, as specified in config file.
Using version ^2.1.2 for ciscoisesdk
Updating dependencies
Resolving dependencies... (14.5s)
Because no versions of ciscoisesdk match >2.1.2,<3.0.0
and ciscoisesdk (2.1.2) depends on requests (>=2.27.1,<=2.28), ciscoisesdk (>=2.1.2,<3.0.0) requires requests (>=2.27.1,<=2.28).
And because ansible-lint (6.21.1) depends on requests (>=2.31.0), ciscoisesdk (>=2.1.2,<3.0.0) is incompatible with ansible-lint (6.21.1).
So, because ansible depends on both ciscoisesdk (^2.1.2) and ansible-lint (6.21.1), version solving failed. |
The restriction of requests >=2.27.1, <=2.28 has been removed. I am going to close the issue, in case of any problem feel free to reopen the issue or create a new one |
Thanks @bvargasre |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I was wondering if there's any specific reason to pin the
requests
version to ">=2.27.1, <=2.28"?Since version 2.0.10 we've been using
requests
version "2.31.0" without any issues.Here's the link to the vulnerability report.
The text was updated successfully, but these errors were encountered: