The security issue is in the py library and it's included by pytest. As mentioned in the issue, pytest doesn't trigger the security issue so we should be totally fine. But I think we should still resolve it to dismiss the security alert, otherwise someone else using pick may get the same security alert.
As mentioned in the security issue, the simple way to resolve it is just to upgrade pytest's version, which removed the py dependency.
The main reason to upgrade pytest is that GitHub said this repo has a security issue: https://github.com/wong2/pick/security/dependabot/1
The security issue is in the
pylibrary and it's included bypytest. As mentioned in the issue, pytest doesn't trigger the security issue so we should be totally fine. But I think we should still resolve it to dismiss the security alert, otherwise someone else usingpickmay get the same security alert.As mentioned in the security issue, the simple way to resolve it is just to upgrade pytest's version, which removed the
pydependency.