Closed swryan closed 5 months ago
Using ensurepip in the test workflow is resulting in pip version 22.3.1 which has a security vulnerability:
Found 1 known vulnerability in 1 package
Name Version ID             Fix Versions
---- ------- -------------- ------------
pip  22.3.1  PYSEC-2023-228 23.3
Removing ensurepip results in using pip version 24.0, which does not have the vulnerability:
pip 24.0 pyhd8ed1ab_0 conda-forge
Since the pip version is not really germane to the tests, the ensurepip call has been removed.
None
Related Issues
Backwards incompatibilities
None
New Dependencies
None
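An added example, not part of the PR or the project's code: a check that parses an audit table in the layout quoted above and reports whether the pip that `ensurepip` would install is still below the listed fix version. The function names and the column layout are assumptions made for this sketch; `ensurepip.version()` is the standard-library call that returns the bundled pip version.

```python
import re

# Constructed sample: the audit table quoted in the PR description.
SAMPLE_REPORT = """\
Found 1 known vulnerability in 1 package
Name Version ID             Fix Versions
---- ------- -------------- ------------
pip  22.3.1  PYSEC-2023-228 23.3
"""

def release(version):
    """'22.3.1' -> (22, 3, 1); trailing zeros dropped so 23.3 == 23.3.0."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    if match is None:
        raise ValueError(f"not a version: {version!r}")
    parts = [int(p) for p in match.group().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_report(text):
    """Return [(name, installed, advisory_id, [fix versions])] from the table."""
    lines = text.splitlines()
    rule = next((i for i, ln in enumerate(lines) if ln.startswith("----")), None)
    if rule is None:  # no table present, e.g. a clean report
        return []
    rows = []
    for line in lines[rule + 1:]:
        cols = line.split(None, 3)
        if len(cols) >= 3:
            fixes = cols[3].replace(",", " ").split() if len(cols) == 4 else []
            rows.append((cols[0], cols[1], cols[2], fixes))
    return rows

def is_fixed(candidate, fixes):
    """Assumption: a version at or above the lowest listed fix is not affected."""
    return bool(fixes) and release(candidate) >= min(release(f) for f in fixes)

def bundled_pip_findings(report_text):
    """Advisories in the report that still apply to the pip ensurepip installs."""
    import ensurepip  # imported here: some interpreter builds ship without it
    bundled = ensurepip.version()  # pip version bundled with this interpreter
    return [(adv, bundled) for name, _, adv, fixes in parse_report(report_text)
            if name == "pip" and not is_fixed(bundled, fixes)]

if __name__ == "__main__":
    for advisory, version in bundled_pip_findings(SAMPLE_REPORT):
        print(f"ensurepip would install pip {version}, affected by {advisory}")
```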