You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dependency check reported CVE-2024-21503 in black, this way it is suggested to update to use version 24.3.0.
I made the update in the project, but dependency checker still reports a problem with black:23.10.0: File Path /home/*/dependencies/site-packages/autohooks/plugins/black/__init__.py
I suspect because autohooks-plugin-black = ">=23.10.0" in use.
See package details in this comment: greenbone/autohooks#650 (comment)
I reported the issue to the project provider: greenbone/autohooks#650, but he is also confused why is this package vulnerable.
Could you please explain us why is this package is problematic?
What is the logic in the checker?
Considering we do not see this as a vulnerable point I added this alert as a false positive.
The text was updated successfully, but these errors were encountered:
I had the opportunity to try out the execution with dependency-check 9.1.0 and the tool still reports the black auto-hook plugin as vulnerable.
Thank you for your help in advance.
Dependency check reported CVE-2024-21503 in
black
, this way it is suggested to update to use version24.3.0
.I made the update in the project, but dependency checker still reports a problem with
black:23.10.0
:File Path /home/*/dependencies/site-packages/autohooks/plugins/black/__init__.py
I suspect because
autohooks-plugin-black = ">=23.10.0"
in use.See package details in this comment: greenbone/autohooks#650 (comment)
I reported the issue to the project provider: greenbone/autohooks#650, but he is also confused why is this package vulnerable.
Could you please explain us why is this package is problematic?
What is the logic in the checker?
Considering we do not see this as a vulnerable point I added this alert as a false positive.
The text was updated successfully, but these errors were encountered: