Closed thealphadollar closed 1 year ago
Hi @thealphadollar, what is the version of requests that GitHub is recommending to update, or should we directly jump to the latest available one?
This is a very minimal issue and I've saved it for a beginner.
Jump to the latest, as an answer to your question.
I see, but this vulnerability has been there since the previous year. I think it is time to update.
Okay, cool.
Please go ahead and send a PR.
Complete your Hacktoberfest :P
While updating the dependencies, pipenv pops up this error:
Pipfile.lock (c687f2) out of date, updating to (3a19d0)…
Locking [dev-packages] dependencies…
✔ Success!
Locking [packages] dependencies…
✘ Locking Failed!
[pipenv.exceptions.ResolutionFailure]: File "/home/xypnox/.local/lib/python3.6/site-packages/pipenv/resolver.py", line 69, in resolve
[pipenv.exceptions.ResolutionFailure]: req_dir=requirements_dir
[pipenv.exceptions.ResolutionFailure]: File "/home/xypnox/.local/lib/python3.6/site-packages/pipenv/utils.py", line 726, in resolve_deps
[pipenv.exceptions.ResolutionFailure]: req_dir=req_dir,
[pipenv.exceptions.ResolutionFailure]: File "/home/xypnox/.local/lib/python3.6/site-packages/pipenv/utils.py", line 480, in actually_resolve_deps
[pipenv.exceptions.ResolutionFailure]: resolved_tree = resolver.resolve()
[pipenv.exceptions.ResolutionFailure]: File "/home/xypnox/.local/lib/python3.6/site-packages/pipenv/utils.py", line 395, in resolve
[pipenv.exceptions.ResolutionFailure]: raise ResolutionFailure(message=str(e))
[pipenv.exceptions.ResolutionFailure]: ResolutionFailure: ERROR: ERROR: Could not find a version that matches certifi==2015.11.20.1,>=2017.4.17
[pipenv.exceptions.ResolutionFailure]: Tried: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 1.0.1, 1.0.1, 14.5.14, 2015.4.28, 2015.4.28, 2015.9.6, 2015.9.6, 2015.9.6.1, 2015.9.6.1, 2015.9.6.2, 2015.9.6.2, 2015.11.20, 2015.11.20, 2015.11.20.1, 2015.11.20.1, 2016.2.28, 2016.2.28, 2016.8.2, 2016.8.2, 2016.8.8, 2016.8.8, 2016.8.31, 2016.8.31, 2016.9.26, 2016.9.26, 2017.1.23, 2017.1.23, 2017.4.17, 2017.4.17, 2017.7.27, 2017.7.27, 2017.7.27.1, 2017.7.27.1, 2017.11.5, 2017.11.5, 2018.1.18, 2018.1.18, 2018.4.16, 2018.4.16, 2018.8.13, 2018.8.13, 2018.8.24, 2018.8.24, 2018.10.15, 2018.10.15, 2018.11.29, 2018.11.29, 2019.3.9, 2019.3.9, 2019.6.16, 2019.6.16, 2019.9.11, 2019.9.11
[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
First try clearing your dependency cache with $ pipenv lock --clear, then try the original command again.
Alternatively, you can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: ERROR: Could not find a version that matches certifi==2015.11.20.1,>=2017.4.17
Tried: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 1.0.1, 1.0.1, 14.5.14, 2015.4.28, 2015.4.28, 2015.9.6, 2015.9.6, 2015.9.6.1, 2015.9.6.1, 2015.9.6.2, 2015.9.6.2, 2015.11.20, 2015.11.20, 2015.11.20.1, 2015.11.20.1, 2016.2.28, 2016.2.28, 2016.8.2, 2016.8.2, 2016.8.8, 2016.8.8, 2016.8.31, 2016.8.31, 2016.9.26, 2016.9.26, 2017.1.23, 2017.1.23, 2017.4.17, 2017.4.17, 2017.7.27, 2017.7.27, 2017.7.27.1, 2017.7.27.1, 2017.11.5, 2017.11.5, 2018.1.18, 2018.1.18, 2018.4.16, 2018.4.16, 2018.8.13, 2018.8.13, 2018.8.24, 2018.8.24, 2018.10.15, 2018.10.15, 2018.11.29, 2018.11.29, 2019.3.9, 2019.3.9, 2019.6.16, 2019.6.16, 2019.9.11, 2019.9.11
There are incompatible versions in the resolved dependencies.
It seems there is a conflict in the version for the package certifi.
pipenv lock --clear doesn't seem to help. The pipenv graph output is given below:
beautifulsoup4==4.4.1
docopt==0.4.0
futures==3.0.3
pymongo==3.1.1
python-dotenv==0.5.1
  - click [required: >=5.0, installed: 7.0]
  - ordereddict [required: Any, installed: 1.1]
requests==2.22.0
  - certifi [required: >=2017.4.17, installed: 2019.9.11]
  - chardet [required: >=3.0.2,<3.1.0, installed: 3.0.4]
  - idna [required: >=2.5,<2.9, installed: 2.8]
  - urllib3 [required: >=1.21.1,<1.26,!=1.25.1,!=1.25.0, installed: 1.25.6]
tornado==4.3
  - backports-abc [required: >=0.4, installed: 0.4]
  - backports.ssl-match-hostname [required: Any, installed: 3.4.0.2]
  - certifi [required: Any, installed: 2019.9.11]
  - singledispatch [required: Any, installed: 3.4.0.3]
  - six [required: Any, installed: 1.10.0]
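Added example (not part of the original thread or the project's code): a standard-library check showing why the constraint set in the resolver error above cannot be satisfied, and which clause empties it. The constraint strings are copied from the error; the candidate list is a constructed subset of its "Tried:" line, the function names are illustrative, and only plain numeric versions are handled (not full PEP 440).

```python
import re

# Constraint strings copied from the resolver error in the thread; the
# candidate list is a constructed subset of the error's "Tried:" line.
CONSTRAINTS = ["==2015.11.20.1", ">=2017.4.17"]
CANDIDATES = ["2015.11.20.1", "2016.9.26", "2017.4.17", "2018.11.29", "2019.9.11"]

OPS = {
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def parse_version(text):
    """'2017.4.17' -> (2017, 4, 17); trailing zeros dropped so 1.0 == 1.0.0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_specifier(spec):
    """'>=1.21.1,<1.26,!=1.25.0' -> [(op, version_tuple), ...]."""
    clauses = []
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((m.group(1), parse_version(m.group(2))))
    return clauses

def satisfying(candidates, specs):
    """Candidates that satisfy every clause of every specifier in specs."""
    clauses = [c for spec in specs for c in parse_specifier(spec)]
    return [v for v in candidates
            if all(OPS[op](parse_version(v), bound) for op, bound in clauses)]

def explain_conflict(candidates, specs):
    """Per-specifier matches plus the combined result under the key 'all'."""
    report = {spec: satisfying(candidates, [spec]) for spec in specs}
    report["all"] = satisfying(candidates, specs)
    return report

if __name__ == "__main__":
    for spec, matches in explain_conflict(CANDIDATES, CONSTRAINTS).items():
        print(f"{spec:>16}: {matches or 'no candidate satisfies this'}")
```

Each clause matches something on its own, but the exact pin and the lower bound share no candidate, which is the condition the resolver reports.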
It doesn't make much difference. Just add it and send the PR.
This issue is solved. Closing it.
As per GitHub, the following dependencies need to be updated and are currently vulnerable: