bug: scanning error against dev-requirements.txt #4471

Open
terriko opened this issue Sep 24, 2024 · 0 comments
Labels
bug Something isn't working

terriko commented Sep 24, 2024

cve-bin-tool is reporting in the GitHub security tab that our version of black is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2024-21503, which was for black 24.3.0. But we're using black==24.8.0, so we shouldn't be getting this warning.

Not sure what's going on. I thought originally it was an old issue I'd forgotten to remove but it's claiming it was current as of yesterday, so something is going wrong in our scan or in how we're reporting on the security tab. It could be related to the cve-bin-tool release or to the corresponding cve-bin-tool-action release.


terriko added the bug label on Sep 24, 2024