-
|
I am not raising this through a vulnerability report as I am not the discoverer and this is a publicly known thing apparently. https://security.snyk.io/vuln/SNYK-PYTHON-ANYIO-7361842 Even though this might be a false positive, it'd be good to resolve this to reduce the number of alerts. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
@agronholm @graingert what's your take on this? Btw, I'm unable to bump anyio. Can any of you help? |
Beta Was this translation helpful? Give feedback.
-
|
It was a bug, but not a vulnerability. I don't know why it's being reported as such. And as Starlette isn't capping AnyIO in a way to prevent v4.4.0 from being installed, except for the test suite, I don't see a problem. |
Beta Was this translation helpful? Give feedback.
-
|
Also, why can't you bump the version? You could just ignore the resource warnings until they can be fixed in the test suite. |
Beta Was this translation helpful? Give feedback.
It was a bug, but not a vulnerability. I don't know why it's being reported as such. And as Starlette isn't capping AnyIO in a way to prevent v4.4.0 from being installed, except for the test suite, I don't see a problem.