Installing keplergl via pip install keplergl raises the following warning:
+==============================================================================+
| REPORT |
| checked 330 packages, using free DB (updated once a month) |
+============================+===========+==========================+==========+
| package | installed | affected | ID |
+============================+===========+==========================+==========+
| keplergl | 0.3.0 | <2.4.0 | 39211 |
+==============================================================================+
| Keplergl 2.4.0 fixes several security vulnerabilities (9a13ce68). No details |
| were provided. |
+==============================================================================+
This is a false positive:
The pip package https://pypi.org/project/keplergl/ is currently at version 0.3.x.
On PyPI it is linked to the parent repo containing the JavaScript code for kepler.gl, which is currently at version 2.5.x.
The vulnerability check here is thus comparing the version of two different things which happen to live in the same repository.
The offending entry in the database seems to be:
    "keplergl": [
        {
            "advisory": "Keplergl 2.4.0 fixes several security vulnerabilities (9a13ce68). No details were provided.",
            "cve": "PVE-2021-39211",
            "id": "pyup.io-39211",
            "specs": [
                "<2.4.0"
            ],
            "v": "<2.4.0"
        }
    ],
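An added example, not part of the original issue or of the scanner's own code: a triage check that evaluates the quoted `specs` against the installed version and also flags entries whose version bounds lie above every release the PyPI distribution has ever published, which is the mismatch described above. The release list is constructed (the issue only states 0.3.x), the function names are hypothetical, and only plain dotted numeric versions are handled.

```python
import operator
import re

# Entry quoted in the issue (advisory text omitted).
ENTRY = {"id": "pyup.io-39211", "specs": ["<2.4.0"]}
# Constructed release list: the issue only states that PyPI is at 0.3.x.
PYPI_RELEASES = ["0.1.0", "0.2.0", "0.3.0"]

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq}
CLAUSE = re.compile(r"\s*(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)\s*")


def parse_version(text):
    """Dotted numeric version -> tuple, trailing zeros dropped (1.0 == 1.0.0)."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_spec(spec):
    """'>=1.0,<2.4.0' -> [(comparison, bound_tuple), ...]."""
    clauses = []
    for clause in spec.split(","):
        m = CLAUSE.fullmatch(clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((OPS[m.group(1)], parse_version(m.group(2))))
    return clauses


def is_affected(entry, version):
    """True if any spec in the entry matches the given version."""
    v = parse_version(version)
    return any(all(op(v, bound) for op, bound in parse_spec(spec))
               for spec in entry["specs"])


def triage(entry, installed, releases):
    newest = max(parse_version(r) for r in releases)
    bounds = [b for spec in entry["specs"] for _, b in parse_spec(spec)]
    # Heuristic, not proof: every bound is above the newest published release
    # and every release matches, so the advisory's version numbers probably
    # belong to a different artifact than this distribution.
    foreign = (all(b > newest for b in bounds)
               and all(is_affected(entry, r) for r in releases))
    return {"flagged": is_affected(entry, installed),
            "suspect_foreign_versions": foreign}
```

`triage(ENTRY, "0.3.0", PYPI_RELEASES)` reports the package as flagged and the entry as suspect; a suspect result is a prompt to review the database entry by hand, not grounds to suppress the finding automatically.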