Bug: CVSS v4 support requires cvss package 3.0 or later #383
Labels
bug
Something isn't working
Comments
|
No idea. The versions are not locked in the pyproject.toml. Does it work if the virual environment is created from scratch? |
|
Yes because it downloads the latest versions.
If you are using functionality which is only available in certain versions,
then you should include that in the dependency specification.
…On Tue, 24 Dec 2024, 12:46 prabhu, ***@***.***> wrote:
No idea. The versions are not locked in the pyproject.toml. Does it work
if the virual environment is created from scratch?
—
Reply to this email directly, view it on GitHub
<#383 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACAID27VDF2FN6NT53JDLLL2HFJUHAVCNFSM6AAAAABUEUQ3V6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNRRGA4TENJTGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
We are planning to move to uv for v6. Hopefully, this would get sorted automatically. Thank you for flagging this though! |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Expected Behavior
pip install owasp-depscan --upgrade should install latest version of package and dependencies
Actual Behavior
CVSS package not upgraded (existing version 2.6 retained). When running depscan get
ImportError: cannot import name 'CVSS4' from 'cvss' (/data/Documents/depscan/lib/python3.10/site-packages/cvss/init.py)
Steps to Reproduce
Have previously installed version of depscan installed in python virtual environment
Additional Information
Dependencies in pyproject.toml file for cvss needs to be >= 3.0
The text was updated successfully, but these errors were encountered: