Consider removing pylint as a dependency of the `firecloud` package.
Closed this issue · 1 comments
deflaux commented
The firecloud
package depends on pylint in both requirements.txt and setup.py but it appears to only be used a build time to lint the code.
This dependency is causing a potential security vulnerability in packages that depend on firecloud
. For example, see all-of-us/workbench-snippets#70
Consider removing pylint as a dependency of the firecloud
package or, at a minimum, remove the package version pin from setup.py
so that users are not forced to downgrade to an old version of pylint.
amstilp commented
I am having the same issue. I am getting ResolutionImpossible
errors from pip when installing another necessary python package in my virtual environment because the other package requires pylint>=2.0
. Please fix.