Open sobolevn opened 7 months ago
It is a dev-dependency and there's no real vulnerability. This is why a job in my CI fails: https://github.com/PyCQA/isort/pull/2241
Link to CVE: https://data.safetycli.com/v/64484/f17
Or you can bump bandit to 1.7.8: https://pypi.org/project/bandit/1.7.8/