A tool used to check if a CNAME resolves to the scope address. If the CNAME resolves to a non-scope address it might be worth checking out if subdomain takeover is possible.
MIT License
130
stars
39
forks
source link
Potential dependency conflicts between autosubtakeover and idna #6
Hi, as shown in the following full dependency graph of autosubtakeover, tldextract requires *_idna _ , while the installed version of requests(2.22.0) requires _idna >=2.5,<2.9**_.
According to Pip's “first found wins” installation strategy, idna 2.8 is the actually installed version.
Although the first found package version idna 2.8 just satisfies the later dependency constraint (idna >=2.5,<2.9), it will lead to a build failure once developers release a newer version of idna.
Dependency tree--------
autosubtakeover - 0.1
| +- aiodns(install version:2.0.0 version range:*)
| | +- pycares(install version:3.0.0 version range:>=3.0.0)
| | | +- cffi(install version:1.13.2 version range:>=1.5.0)
| | +- typing(install version:3.7.4.1 version range:*)
| +- asyncio(install version:3.4.3 version range:*)
| +- click(install version:7.0 version range:*)
| +- pycares(install version:3.0.0 version range:*)
| | +- cffi(install version:1.13.2 version range:>=1.5.0)
| +- tldextract(install version:2.2.2 version range:*)
| | +- idna(install version:2.8 version range:*)
| | +- requests(install version:2.22.0 version range:>=2.1.0)
| | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| | +- requests-file(install version:1.4.3 version range:>=1.4)
| | | +- requests(install version:2.22.0 version range:>=1.0.0)
| | | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| | | +- six(install version:1.13.0 version range:*)
| | +- setuptools(install version:42.0.1 version range:*)
| +- tornado(install version:6.0.3 version range:*)
Hi, as shown in the following full dependency graph of autosubtakeover, tldextract requires *_idna _ , while the installed version of requests(2.22.0) requires _idna >=2.5,<2.9**_.
According to Pip's “first found wins” installation strategy, idna 2.8 is the actually installed version.
Although the first found package version idna 2.8 just satisfies the later dependency constraint (idna >=2.5,<2.9), it will lead to a build failure once developers release a newer version of idna.
Dependency tree--------
Thanks for your attention. Best, Neolith