Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Exclude transitive dependency from requirements.txt #355

Open
anjaneya17 opened this issue Dec 28, 2021 · 1 comment
Open

Exclude transitive dependency from requirements.txt #355

anjaneya17 opened this issue Dec 28, 2021 · 1 comment

Comments

@anjaneya17
Copy link

anjaneya17 commented Dec 28, 2021

Hi,
Context:
I am new to Python coding.
numpy version 1.21.5 has a security vulnerability numpy/numpy#18993.
This dependency is a transitive dependency not a direct dependency. We are sure that in our code we are not using any functionality that requires this
transitive dependency.

Request:
Is there any way to configure the requirement.txt to exclude transitive dependency ?
I see the issue is fixed in version 1.22.0* ---- unfortunately this is not in a stable release yet -- what is the time line for version 1.22.0 to become stable?

Please any help is really appreciated. Please do respond.

@rgommers
Copy link

rgommers commented Jan 4, 2022

  1. 1.22.0 is released, so no workaround needed anymore
  2. This CVE is nonsensical

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants