Closed okuuva closed 1 year ago
Thanks for the report @okuuva! The new release of Safety updates that dependency. Also, note that the dparse vulnerability doesn't affect Safety because Safety doesn't use the affected function; however, another external dependency might be using the affected version of Dparse, so the recommendation is to update to the latest Safety version.
Description
Today our CI job running safety warned us about a new known vulnerability:
Did some digging and turns out it's safety that pins the version to >=0.5.1. With a quick search in this repo it still seems to be affecting develop branch. Didn't check if it's really relevant but it's a bit awkward for sure.