Closed ahebrank closed 1 year ago
I think there is some issue with the way tox caching is working in the github action. I don't know why it keeps failing (due to it not actually installing py
) when it's explicitly listed as a dependency
@michaelboulton Hi,
is it possible to remove the Py
from the release dependencies and use different file for test dependencies, because the Py
has quite high-level security vulnerability and it will trigger security scanners for my projects;
As the Py is itself deprecated, then it's highly likely that maintainers of the Py
will not push the fix
It may be deprecated but pytest have also vendored part of the library https://github.com/pytest-dev/pytest/pull/10396 , not the 'io' part which is also used by tavern. It means reaching into more internal pytest code.
See #816 .
pytest has removed py as a dependency as of 7.2.0 (https://github.com/pytest-dev/pytest/pull/10396), but tavern still requires it. Test failures produce an internal error
AttributeError: module 'py' has no attribute 'io'
without this dependency.