pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

safety 3.0.0 dependencies require exact versions #496

Closed andy-maier closed 5 months ago

andy-maier commented 5 months ago

Description

Version 3.0.0 of safety requires exact versions for these packages:

    Authlib==1.2.0
    jwt==1.3.1

That is a problem for anyone who needs different versions.

I suggest that this gets changed to require minimum versions, e.g.:

    Authlib>=1.2.0 
    jwt>=1.3.1

Mitigation: For now, we are pinning safety to <3.0.0
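
The conflict described in this issue can be checked mechanically. The following is an added example, not code from the issue or from the safety project: it compares the two exact pins reported above with a project's own requirement ranges and lists the pins that fall outside them. The `PROJECT` list is constructed, and the parser assumes plain numeric versions with the six comparison operators only (no `~=`, wildcards, pre-releases, extras or markers).

```python
import operator
import re

# Exact pins the issue reports for safety 3.0.0.
SAFETY_3_0_0 = ["Authlib==1.2.0", "jwt==1.3.1"]
# Constructed requirements of a hypothetical project that also installs safety.
PROJECT = ["authlib>=1.3.0", "jwt>=1.3.1", "requests>=2.0"]

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(.*)$")
CLAUSE = re.compile(r"^(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")


def version(text):
    """'1.2.0' -> (1, 2); trailing zeros dropped so 1.2 == 1.2.0."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse(req):
    """'Name>=1.0,<2.0' -> ('name', [('>=', (1,)), ('<', (2,))])."""
    name, rest = REQ.match(req).groups()
    clauses = []
    for part in filter(None, (p.strip() for p in rest.split(","))):
        match = CLAUSE.match(part)
        if match is None:
            raise ValueError(f"unsupported specifier: {part!r}")
        clauses.append((match.group(1), version(match.group(2))))
    # Package names compare case-insensitively, with -, _ and . equivalent.
    return re.sub(r"[-_.]+", "-", name).lower(), clauses


def exact_pin_conflicts(tool_requires, project_requires):
    """Pairs (tool requirement, project requirement) where an exact pin of the
    tool falls outside the range the project declares for the same package."""
    project = {}
    for req in project_requires:
        name, clauses = parse(req)
        project[name] = (req, clauses)
    found = []
    for req in tool_requires:
        name, clauses = parse(req)
        pins = [v for op, v in clauses if op == "=="]
        if pins and name in project:
            theirs, wanted = project[name]
            if not all(OPS[op](pins[0], v) for op, v in wanted):
                found.append((req, theirs))
    return found
```

With the minimum-version form suggested in the issue (`Authlib>=1.2.0`, `jwt>=1.3.1`) the function reports nothing, because it only flags exact pins.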