broadinstitute/fiss

Consider removing pylint as a dependency of the `firecloud` package.

Closed this issue · 1 comment

The firecloud package depends on pylint in both requirements.txt and setup.py, but it appears to be used only at build time to lint the code.

This dependency is causing a potential security vulnerability in packages that depend on firecloud. For example, see all-of-us/workbench-snippets#70

Consider removing pylint as a dependency of the firecloud package or, at a minimum, removing the package version pin from setup.py so that users are not forced to downgrade to an old version of pylint.

I am having the same issue. I am getting ResolutionImpossible errors from pip when installing another necessary Python package in my virtual environment because the other package requires pylint>=2.0. Please fix.
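One way to check a setup.py for the pattern discussed in this thread, a lint tool declared as a pinned runtime dependency that then blocks another package's `pylint>=2.0` requirement. This is an added example, not code from the fiss project; the `DEV_ONLY` set, the sample setup.py and its version numbers are constructed assumptions.

```python
import ast
import re

# Assumption: tools treated as development-only; adjust for your project.
DEV_ONLY = {"pylint", "flake8", "pytest", "mypy", "black"}

# Constructed sample; name and versions are placeholders, not fiss's real setup.py.
SAMPLE_SETUP_PY = '''
from setuptools import setup
setup(
    name="example-pkg",
    install_requires=["requests", "pylint==1.0.0", "six>=1.10"],
)
'''

REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")

def install_requires(setup_source):
    """Read the literal install_requires list without executing setup.py."""
    for node in ast.walk(ast.parse(setup_source)):
        if not isinstance(node, ast.Call):
            continue
        fname = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
        if fname != "setup":
            continue
        for kw in node.keywords:
            if kw.arg == "install_requires":
                try:
                    return ast.literal_eval(kw.value)
                except ValueError:
                    return []  # list is built dynamically; inspect by hand
    return []

def audit(setup_source):
    """Return (name, specifier, is_exact_pin) for dev-only tools installed at runtime."""
    findings = []
    for req in install_requires(setup_source):
        name, spec = REQ_RE.match(req).groups()
        key = re.sub(r"[-_.]+", "-", name).lower()  # PEP 503 name normalization
        spec = spec.split(";")[0].strip()           # drop any environment marker
        if key in DEV_ONLY:
            findings.append((key, spec, spec.startswith("==")))
    return findings

def pin_blocks(spec, minimum):
    """True if an exact pin '==X' cannot satisfy another package's '>=minimum'.
    Assumes plain dotted numeric versions."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return spec.startswith("==") and as_tuple(spec[2:]) < as_tuple(minimum)

if __name__ == "__main__":
    for name, spec, pinned in audit(SAMPLE_SETUP_PY):
        print(name, spec, "blocks >=2.0" if pinned and pin_blocks(spec, "2.0") else "")
```

A finding here means the tool belongs in a development requirements file or an `extras_require` group rather than in `install_requires`.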