Open callebokedal opened 8 months ago
```bash
cd somefolder
python3 -m venv .safety-env
source .safety-env/bin/activate
pip install --upgrade pip
# -> Successfully installed pip-23.2.1
pip install safety
pip freeze
# Result:
# certifi==2023.7.22
# charset-normalizer==3.3.0
# click==8.1.7
# dparse==0.6.3
# idna==3.4
# packaging==21.3
# pyparsing==3.1.1
# requests==2.31.0
# ruamel.yaml==0.17.35
# ruamel.yaml.clib==0.2.8
# safety==2.3.5
# tomli==2.0.1
# urllib3==2.0.6

# But then, after checking:
safety check
# I get info:
# -> Vulnerability found in setuptools version 58.0.4

# To check more, I install 'pipdeptree' and run it
pip install pipdeptree
pipdeptree -fl
# Result:
# pip==23.2.1
# pipdeptree==2.13.0
# safety==2.3.5
#   click==8.1.7
#   dparse==0.6.3
#     packaging==21.3
#       pyparsing==3.1.1
#     tomli==2.0.1
#   packaging==21.3
#     pyparsing==3.1.1
#   requests==2.31.0
#     certifi==2023.7.22
#     charset-normalizer==3.3.0
#     idna==3.4
#     urllib3==2.0.6
#   ruamel.yaml==0.17.35
#     ruamel.yaml.clib==0.2.8
#   setuptools==58.0.4

# Suggestion - upgrade setuptools to >= 65.5.1
pip install --upgrade setuptools
# -> 68.2.2
```
Description
Just installed safety in a new virtual environment. Seems like it has a dependency on vulnerable setuptools 58.0.4.
What I Did