HunterMcGushion / docstr_coverage

Docstring coverage analysis and rating for Python
MIT License
95 stars 19 forks

Unpin/relax tqdm version constraint #141

Closed ghost closed 5 months ago

ghost commented 5 months ago

Hi, I'd like to ask if it's possible for a new release of this tool to be made with the version constraint on tqdm relaxed?

Unfortunately there is this (admittedly innocuous) vulnerability CVE-2024-34062 affecting tqdm<4.66.3, however, dependency scanning tools have started flagging it, and it's difficult/impossible to update tqdm when docstr-coverage pins to an old version.

Thanks!

Regards, Toby

MiWeiss commented 5 months ago

Thanks for the report!

Not sure why I pinned the version in the first place 🤦 . #142 should fix this.

@HunterMcGushion would you be available to release a patch with this minor change anytime soon?

HunterMcGushion commented 5 months ago

Thank you for the report, @tharradine! And thank you, @MiWeiss, for the quick fix! We'll get this merged and released.

HunterMcGushion commented 5 months ago

Closed by #142

HunterMcGushion commented 5 months ago

@tharradine, @MiWeiss, v2.3.2 has been released with Michael's update. Thanks again for the report, Toby!