Closed bigpick closed 1 year ago
Unpins the requests dependency, but adds a pinned urllib3 dependency. Upstream requests says "this isn't a requests problem, it's a how you're getting urllib3 problem". Also, CVE-2023-32681 is getting flagged in requests < 2.31.0, so hopefully this would resolve that as well.
From a fresh python 3.9.16 venv via direnv:
```
export PYENV_VERSION=3.9.16
layout python3
```
Then
```
which detect-secrets
detect-secrets not found
pip install --upgrade "git+https://github.com/bigpick/detect-secrets.git@unpin-requests-dep#egg=detect-secrets"
detect-secrets --version
0.13.1+ibm.61.dss
detect-secrets scan --update .secrets.baseline --use-all-plugins .
echo $?
0
detect-secrets audit .secrets.baseline
Nothing to audit!
```