Security update - remove dependency on py (#1091) · pytorch/test-infra@429c66f

Commit

Security update - remove dependency on py (#1091)

GitHub has identified a security vulnerability in "py". Since there is
no fix, the
[workaround](GHSA-w596-4wvx-j9j6) is to
update pytest to a version that does not depend on py

# Package Dependency
- Repository:
[pytorch/test-infra](https://github.com/pytorch/test-infra)
- Manifest file:
[tools/pkg-helpers/poetry.lock](https://github.com/pytorch/test-infra/blob/main/tools/pkg-helpers/poetry.lock)
- Package name: py
- Affected versions: <= 1.11.0
- Fixed in version: (No fix version known)
- Severity: MODERATE

# References
https://nvd.nist.gov/vuln/detail/CVE-2022-42969
pytest-dev/py#287

https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
https://pypi.org/project/py
GHSA-w596-4wvx-j9j6

Loading branch information

ZainRizvi authored and kit1980 committed Nov 23, 2022

1 parent cb34046 commit 429c66f

0 comments on commit `429c66f`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `429c66f`

Commit

There are no files selected for viewing

0 comments on commit 429c66f

0 comments on commit `429c66f`