py package dependency #2816
Hi community, in the https://github.com/seleniumbase/SeleniumBase/blob/master/requirements.txt, there is a py==1.11.0 dependency. As pytest has its own package, I am wondering if the py package is still in use. The py package is in maintenance mode and it triggers security scanning tools because of its vulnerabilities GHSA-w596-4wvx-j9j6. If it is not in use any more, is there any chance that the package can be removed from the dependencies?
Replies: 1 comment
The "vulnerability" mentioned is a false positive and is disputed in https://nvd.nist.gov/vuln/detail/CVE-2022-42969 -
Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.
The py dependency is used by the pytest-html version that SeleniumBase depends on.