Fix example transitive vulnerability for Python
To fix a transitive library for Python, override the transitive dependency by adding the appropriately versioned dependency as a direct library to your configuration file, which can be a requirements.txt
or setup.py
file.
These steps provide a fix for a Cross-Site Scripting (XSS) vulnerability in html5lib, version .9999999 in the transitive_vulns
branch of the example-python repository.
To complete this task:
-
Edit the
requirements.txt
file in the root of the project and add the recommended version of the library:html5lib== 0.99999999
noteUpdating some transitive libraries will fail because a specific version is required for usage. In cases such as these, you will need to update the directly specified library to a version which allows for the safe version to be used.