pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License
1.66k stars 141 forks

Update Click version #368

Closed MichalVasut closed 2 years ago

MichalVasut commented 2 years ago

Description

Please update the Click package dependency to a newer version.

https://github.com/pyupio/safety/blob/7d1448e844c1578bb1a488bffd3b8d1735c2c4bb/setup.py#L35

from my CI:

...

Requirement already satisfied: Click>=6.0 in /usr/local/lib/python3.10/site-packages (from safety) (7.1.2)

...

+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 90 packages, using free DB (updated once a month)                    |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| click                      | 7.1.2     | <8.0.0                   | 47833    |
+==============================================================================+
| Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure            |
| 'mktemp()'.                                                                  |
| https://github.com/pallets/click/issues/1752                                 |
+==============================================================================+
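The advisory Safety prints above (ID 47833) is about Click switching from tempfile.mktemp() to tempfile.mkstemp(). The script below is an added example, not code from the Safety project or from Click, that shows in plain Python why the older call is flagged: mktemp() only picks a name, and the file is opened in a second step, so a local user who can write to the temp directory can plant a symlink at that path in between and redirect the write. mkstemp() creates the file itself with O_CREAT | O_EXCL and mode 0o600, so there is no name to guess and a pre-planted path is refused. The `attacker` hook, the victim file and the working directory are constructed for the demo; the hook only makes the attacker "win" the race deterministically instead of relying on timing. It needs a POSIX filesystem where unprivileged users can create symlinks.

```python
import os
import stat
import tempfile


def vulnerable_save(data: bytes, directory: str, attacker=None) -> str:
    """The pattern Click <8.0.0 used: mktemp() picks a name, open() comes later.

    Between the two calls anyone who can write to `directory` may create that
    path (or a symlink at it). `attacker` is a demo-only hook that simulates the
    attacker acting inside that window.
    """
    path = tempfile.mktemp(dir=directory, suffix=".txt")
    if attacker is not None:
        attacker(path)  # race window: attacker acts before we open the file
    with open(path, "wb") as fh:  # O_CREAT without O_EXCL follows whatever is there
        fh.write(data)
    return path


def safe_save(data: bytes, directory: str) -> str:
    """What Click 8.0.0 moved to: mkstemp() creates and opens the file itself.

    The underlying open(2) uses O_CREAT | O_EXCL with mode 0o600, so it fails
    instead of following a pre-planted file or symlink, and the name is only
    known once the file already exists.
    """
    fd, path = tempfile.mkstemp(dir=directory, suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def run_demo() -> dict:
    """Plant a symlink to a victim file in the race window and see who wins."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim.txt")  # constructed target file
        with open(victim, "wb") as fh:
            fh.write(b"original")

        def plant_symlink(path: str) -> None:
            os.symlink(victim, path)  # attacker learned the name and got there first

        # 1. mktemp(): the write to "our" temp file lands in the victim file.
        planted = vulnerable_save(b"clobbered", workdir, attacker=plant_symlink)
        with open(victim, "rb") as fh:
            results["victim_after_mktemp"] = fh.read()

        # 2. O_EXCL refuses the planted symlink outright (errno EEXIST).
        try:
            os.open(planted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            results["excl_refused_planted_path"] = False
        except FileExistsError:
            results["excl_refused_planted_path"] = True

        # 3. mkstemp(): no window exists; the victim file is untouched.
        with open(victim, "wb") as fh:
            fh.write(b"original")
        safe_path = safe_save(b"private", workdir)
        st = os.lstat(safe_path)
        results["safe_is_regular_file"] = stat.S_ISREG(st.st_mode)
        results["safe_mode"] = stat.S_IMODE(st.st_mode)  # 0o600 under a normal umask
        with open(victim, "rb") as fh:
            results["victim_after_mkstemp"] = fh.read()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The same reasoning applies to any code that calls tempfile.mktemp(), not only Click: the fix is always to let the library create the file (mkstemp(), NamedTemporaryFile(), TemporaryDirectory()) and work through the returned descriptor rather than re-opening the path by name.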
yeisonvargasf commented 2 years ago

Thanks, @MichalVasut! Please update to the latest beta to solve this issue: 2.0b5