-
Notifications
You must be signed in to change notification settings - Fork 151
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
safety is pulling in jinja2 with a vulnerability and failing the safety check #539
Comments
We are facing the same issue :( |
This is all of a sudden causing massive issues in all places where we are using |
Hi folks - we’ve revisited this issue and now believe it was a mistake not to fix it. I'd like to explain our updated thinking and get your feedback before we proceed. We want to introduce a This implementation requires a CLI upgrade and will take time. In the meantime, for the jinja2 case specifically, we plan to remove it from our database as a vulnerability. This temporary solution resolves the issue without requiring a CLI update, though we recognize it’s less transparent until the disputed mechanism is in place. |
As of today we've removed the Jinja2 disputed vulnerability. |
Description
When I install safety and run the check, it fails on jinja2 vulnerability. My application doesn't use jinja2. It's a dependency of safety.
What I Did
Console output
The text was updated successfully, but these errors were encountered: