fecgov / fecfile-web-api

Back-end API for FECfile application

[Snyk] Specify version for setuptools #972

Closed exalate-issue-sync[bot] closed 1 month ago

exalate-issue-sync[bot] commented 1 month ago

Snyk is reporting a vulnerability with the setuptools package in the requirements-test.txt file. It’s being brought in as a dependency of other packages. Specify a version for the setuptools package of at least version 70.0.0 in order to resolve the vulnerability.

QA Notes

Unit tests should be passing.

DEV Notes

null

Design

null

FECFILE-1486

exalate-issue-sync[bot] commented 1 month ago

Matt Travers commented: Unit tests passing

https://app.circleci.com/pipelines/github/fecgov/fecfile-web-api/3943/workflows/d8b4f0ea-63ab-497a-8ad7-bf1c2f719f31/jobs/11875

[Image: image-20240717-203712.png]

exalate-issue-sync[bot] commented 1 month ago

Matt Travers commented: Passes CR. Sending to QA.

exalate-issue-sync[bot] commented 1 month ago

Matt Travers commented: Screenshot of configuration file showing new version of setuptools being used:

[Image: image-20240718-132830.png]

exalate-issue-sync[bot] commented 1 month ago

Shelly Wise commented: QA review verified with DEV Unit Test passing for this ticket. Verified configuration file showing version setuptools 70.3.0 (see below DEV screenshot).

QA Review Completed. Moved to Stage Ready.

exalate-issue-sync[bot] commented 1 month ago

akhorsand commented: Accepted by Paul Clark at 7/30/24 sprint review.
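The request in the issue body (hold setuptools at 70.0.0 or later in a requirements file) and the QA step of confirming the pinned version can both be checked mechanically. The following is an added example, not code from the fecfile-web-api repository: the function name `setuptools_floor_ok` and the sample file contents are constructed for illustration, and it assumes plain dotted numeric versions.

```python
import re

FLOOR = "70.0.0"  # minimum setuptools version named in the issue

_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_SPEC = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")

# Constructed samples, not the project's real requirements-test.txt.
SAMPLE_FIXED = "pytest==8.2.2\nsetuptools==70.3.0\n"
SAMPLE_UNPINNED = "pytest==8.2.2\ncoverage\n"
SAMPLE_OLD = "setuptools>=65.5.1  # older floor\n"


def _release(version):
    """Dotted numeric release as a tuple, trailing zeros dropped (70.0 == 70)."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def _canonical(name):
    """PEP 503 normalization: case and separator style do not matter."""
    return re.sub(r"[-_.]+", "-", name).lower()


def setuptools_floor_ok(requirements_text, package="setuptools", floor=FLOOR):
    """Return (ok, reason): is `package` held at or above `floor`?"""
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option
            continue
        m = _REQ.match(line)
        if not m or _canonical(m.group(1)) != package:
            continue
        # Only these operators establish a lower bound on the version.
        lower = [v for op, v in _SPEC.findall(m.group(2))
                 if op in ("==", "===", ">=", "~=", ">")]
        if not lower:
            return False, f"{line!r} sets no lower bound"
        if _release(max(lower, key=_release)) < _release(floor):
            return False, f"{line!r} allows versions below {floor}"
        return True, f"{line!r} keeps {package} at or above {floor}"
    # Not listed: pip resolves whatever version other packages pull in.
    return False, f"{package} is not listed, so a transitive version is used"


if __name__ == "__main__":
    for text in (SAMPLE_FIXED, SAMPLE_UNPINNED, SAMPLE_OLD):
        print(setuptools_floor_ok(text))
```

Run against the real requirements file in CI, a `False` result flags both a missing entry (the transitive-dependency case the issue describes) and a pin that still permits older releases.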