linkedin / pygradle

Using Gradle to build Python projects
https://github.com/linkedin/pygradle
Apache License 2.0
588 stars, 147 forks

Exclude transitive dependency from requirements.txt #355

Open anjaneya17 opened 2 years ago

anjaneya17 commented 2 years ago

Hi. Context: I am new to Python coding. numpy version 1.21.5 has a security vulnerability (https://github.com/numpy/numpy/issues/18993). This dependency is a transitive dependency, not a direct dependency. We are sure that in our code we are not using any functionality that requires this transitive dependency.

Request: Is there any way to configure the requirements.txt to exclude a transitive dependency? I see the issue is fixed in version 1.22.0*; unfortunately this is not in a stable release yet. What is the timeline for version 1.22.0 to become stable?

Any help is really appreciated. Please do respond.
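As an added example (not from the issue, pygradle or numpy): a small Python checker that reads a pip-freeze style requirements file and reports how a given package is constrained relative to the version the question cites as fixed. The point it makes about the question above is that a transitive dependency not listed in requirements.txt is not constrained by that file at all, so the checker distinguishes "not listed" from "not pinned" and "pinned below the fix". The sample requirements text is constructed; the `check_pin` and `version_key` helpers are this example's own, and version comparison is a simple numeric-tuple compare rather than full PEP 440.

```python
import re

# Constructed sample requirements.txt (not from the issue), pip-freeze style.
SAMPLE_REQUIREMENTS = """\
# constructed example
pandas==1.3.5
numpy==1.21.5   # pulled in transitively, then frozen
requests>=2.25.0
six
"""

# name, optional operator, optional version; extras/markers are not handled.
_REQ_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9_.\-]*)\s*(==|~=|>=|<=|!=|>|<)?\s*([0-9][A-Za-z0-9.\-+]*)?"
)


def version_key(v, width=4):
    """Map '1.21.5' to (1, 21, 5, 0): numeric leading parts, zero-padded to a fixed width.

    Padding makes '1.22' and '1.22.0' compare equal; non-numeric suffixes are ignored.
    """
    nums = []
    for part in v.split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    nums = nums[:width] + [0] * (width - len(nums))
    return tuple(nums)


def parse_requirements(text):
    """Return {normalized_name: (operator or None, version or None)} per requirement line."""
    reqs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or line.startswith("-"):       # skip blanks and pip options (-r, -e, ...)
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, op, ver = m.groups()
        reqs[name.lower().replace("_", "-")] = (op, ver)
    return reqs


def check_pin(text, package, fixed_version):
    """Classify how `package` is constrained by a requirements file relative to `fixed_version`.

    Returns (status, version):
      'not listed'   - absent from the file: a transitive dependency this file does not constrain
      'not pinned'   - listed without an exact '==' pin, so dependency resolution picks the version
      'below fix'    - pinned to a version older than fixed_version
      'at/after fix' - pinned at or after fixed_version
    """
    spec = parse_requirements(text).get(package.lower().replace("_", "-"))
    if spec is None:
        return ("not listed", None)
    op, ver = spec
    if op != "==" or ver is None:
        return ("not pinned", ver)
    if version_key(ver) < version_key(fixed_version):
        return ("below fix", ver)
    return ("at/after fix", ver)


if __name__ == "__main__":
    # Hypothetical usage: audit a few packages against a fix version.
    for pkg in ("numpy", "requests", "six", "scipy"):
        print(pkg, check_pin(SAMPLE_REQUIREMENTS, pkg, "1.22.0"))
```

A "not listed" result is the case the question describes: the package only arrives transitively, so the file cannot raise or exclude its version until the package is declared there directly; a "not pinned" result means the resolver, not the file, decides which version lands in the build.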

rgommers commented 2 years ago
  1. 1.22.0 is released, so no workaround needed anymore
  2. This CVE is nonsensical