You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current action depends on requests<2.30, but this causes the following:
❯ pip-audit
| Collecting inputs
Found 1 known vulnerability in 1 package
Name Version ID Fix Versions
-------- ------- ------------------- ------------
requests 2.29.0 GHSA-j8r2-6x86-q33q 2.31.0
My project depends on requests 2.31.0, this issue is with the pinned version in this codebase.
I believe the reason why we were holding on the requests 2.30.0 issue is now fixed, so we should relax this condition.
Expected behavior
I expected the action to not fail on its own.
Steps to reproduce
Add pip-audit to an empty project
Run it.
Relevant context
Nothing else needed.
The text was updated successfully, but these errors were encountered:
Current behavior
The current action depends on requests<2.30, but this causes the following:
My project depends on requests 2.31.0, this issue is with the pinned version in this codebase.
I believe the reason why we were holding on the requests 2.30.0 issue is now fixed, so we should relax this condition.
Expected behavior
I expected the action to not fail on its own.
Steps to reproduce
Relevant context
Nothing else needed.
The text was updated successfully, but these errors were encountered: