pip-audit fails with 2 vulnerabilities (GHSA-m6vm-8g8v-xfjh and GHSA-8849-5h85-98qw)

daisuke834 commented 1 year ago

Expected behaviour

When I ran

$ pip-audit -r /path/to/requirements.txt

where the requirements.txt has dependency on the latest version of opencv-python

opencv-python==4.7.0.72

, no error is supposed to be happened.

Actual behaviour

The following two errors are raised.

Name          Version  ID                  Fix Versions
------------- -------- ------------------- ------------
opencv-python 4.7.0.72 GHSA-m6vm-8g8v-xfjh
opencv-python 4.7.0.72 GHSA-8849-5h85-98qw

Steps to reproduce

$ mkdir tempdir
$ cd tempdir
$ echo "opencv-python==4.7.0.72" > requirements.txt
$ pip install pip-audit==2.5.3
$ pip-audit -r requirements.txt
Found 2 known vulnerabilities in 1 package
Name          Version  ID                  Fix Versions
------------- -------- ------------------- ------------
opencv-python 4.7.0.72 GHSA-m6vm-8g8v-xfjh
opencv-python 4.7.0.72 GHSA-8849-5h85-98qw

My environment:

$ python --version
Python 3.9.16

Issue submission checklist

[x] This is not a generic OpenCV usage question (looking for help for coding, other usage questions, homework etc.)
[x] I have read the README of this repository and understand that this repository provides only an automated build toolchain for OpenCV Python packages (there is no actual OpenCV code here)
[ ] The issue is related to the build scripts in this repository, to the pre-built binaries or is a feature request (such as "please enable this additional dependency")
[x] I'm using the latest version of opencv-python

skvark commented 1 year ago

These issues are in the upstream C++ repo, and cannot be fixed here.

daisuke834 commented 1 year ago

I understood. Thank you!

opencv / opencv-python

pip-audit fails with 2 vulnerabilities (GHSA-m6vm-8g8v-xfjh and GHSA-8849-5h85-98qw) #822

Expected behaviour

Actual behaviour

Steps to reproduce

Issue submission checklist