search

microsoft / sarif-tools

A set of Python command line tools for working with SARIF files produced by code analysis tools
MIT License
76 stars 19 forks source link

Update pytest to >7.2.0 without vulnerable py dep #32

Closed abyss638 closed 9 months ago

abyss638 commented 9 months ago

Resolves https://github.com/microsoft/sarif-tools/security/dependabot/3

Updated pytest to `>7.2.0' (7.4.2) which doesn't include vulnerable 'py' library.

> poetry update
Updating dependencies
Resolving dependencies... (1.1s)

Package operations: 2 installs, 2 updates, 4 removals

  • Removing attrs (23.1.0)
  • Removing more-itertools (10.1.0)
  • Removing py (1.11.0)
  • Removing wcwidth (0.2.8)
  • Installing exceptiongroup (1.1.3)
  • Installing iniconfig (2.0.0)
  • Updating pluggy (0.13.1 -> 1.3.0)
  • Updating pytest (5.4.3 -> 7.4.2)