pipenv check safety fails with an unfixable error for plotly dash
SmokinCaterpillar opened this issue · 3 comments
SmokinCaterpillar commented
We use the newest dash library 1.21.0. However, if we run pipenv check --system it fails with the following error:
40962: dash <2.2.0 resolved (1.21.0 installed)!
Dash 2.2.0 includes a security fix.
The problem is that there exists no PyPI package of Dash with version 2.2.0; 1.21.0 is the newest version. How to fix this? Thanks!
rhunwicks commented
Is the issue that the security fix required is in Plotly.js 2.2.0 or 2.2.1, which is bundled in Dash 1.21.0 - see https://github.com/plotly/dash/blob/dev/CHANGELOG.md#1210---2021-07-09?
SmokinCaterpillar commented
Ah okay, thanks, but then the error message "Dash 2.2.0 includes a security fix." is quite misleading.
yeisonvargasf commented
Hi, thanks for the comment about the misleading description of the vulnerability. @rhunwicks is right.
That vulnerability was updated in our database, so I will close this issue.