Fixed dependency versions #85
Comments
@Grunny Any thoughts about this?
Hi @NF997! Sounds good. The only one I want to pin is python-owasp-zap-v2.4, since it has had backwards-incompatible changes released before as it's not following semantic versioning, and I don't want things to suddenly break for people. So, I think in your PR, you can just pin that one to the latest, and we'll keep bumping it after testing for each release. What do you think?
I updated the PR accordingly 👍
Hi @NF997 could you possibly update this to use requests version 2.25.0 or higher? There is a new vulnerability found in urllib3 versions before v1.26.5. The requests module v2.25.0 is the earliest version with the dependency requirements that will allow urllib3 v1.26.5 to be installed and used with zap-cli. I have also filed #104 to request the same update, but if you can do that, then my issue filing can be closed when this is merged. @Grunny please merge this. Thank you both.
Is there a particular reason that the dependency versions are fixed:
When using zap-cli together with other packages, it would be much more convenient to specify minimum versions like this: