
Fix example transitive vulnerability for Python

To fix a vulnerability in a transitive Python library, override the transitive dependency by adding the appropriately versioned library as a direct dependency in your manifest file, which can be a requirements.txt or setup.py file. pip then installs the version you pinned instead of the version it would otherwise select through the intermediate package.

These steps provide a fix for a Cross-Site Scripting (XSS) vulnerability in html5lib, version 0.9999999, in the transitive_vulns branch of the example-python repository.

To complete this task:

  1. Edit the requirements.txt file in the root of the project and add the recommended version of the library as a direct dependency:

    html5lib==0.99999999

    Note: updating some transitive libraries fails because the direct library that pulls them in requires a specific version (for example, an exact `==` pin of the older release). In such cases pip reports a dependency conflict rather than installing the safe version, and you need to update the directly specified library to a version whose own requirements allow the safe version to be used.

  2. Validate the fix: reinstall the project from the updated requirements.txt, confirm that html5lib now resolves to 0.99999999 (for example, with `pip show html5lib`), and re-run the scan to confirm the vulnerability is no longer reported.
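The two steps above, carried out programmatically, as an added example that is not part of the original page or of the example-python repository: the script rewrites a requirements.txt so that the transitive package gets exactly one direct pin (replacing any stale pin for the same package), and then checks which version is actually installed in the environment. The requirements content is a constructed sample, and the package that pulls in html5lib (`bleach==1.5.0`) is a hypothetical stand-in for whatever the real branch depends on.

```python
"""Pin a transitive dependency directly in requirements.txt and verify what resolved."""
import re
from importlib import metadata

# Constructed sample manifest: only direct dependencies are listed, and one of
# them (hypothetically) drags in the vulnerable html5lib release transitively.
SAMPLE_REQUIREMENTS = """\
# direct dependencies of the example project (constructed sample)
bleach==1.5.0
requests>=2.20
"""

# name, optional PEP 440 operator, optional version; extras/markers are ignored.
_REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)"
)


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> dict:
    """Return {normalized_name: (operator, version)} for every requirement line.
    Comments, blank lines and option lines (-r, -e, --index-url ...) are skipped."""
    reqs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ_LINE.match(line)
        if m:
            reqs[normalize(m.group(1))] = (m.group(2) or "", m.group(3))
    return reqs


def override_transitive(text: str, package: str, safe_version: str) -> str:
    """Step 1: add `package==safe_version` as a direct requirement.
    Any existing line for the same package is dropped first, so the file ends
    up with exactly one pin for it regardless of how often this is run."""
    target = normalize(package)
    kept = []
    for raw in text.splitlines():
        m = _REQ_LINE.match(raw.split("#", 1)[0].strip())
        if m and normalize(m.group(1)) == target:
            continue  # stale pin for this package; replaced below
        kept.append(raw)
    kept.append("# direct pin overriding the vulnerable transitive version")
    kept.append(f"{package}=={safe_version}")
    return "\n".join(kept) + "\n"


def version_key(version: str) -> tuple:
    """Numeric tuple for release segments, e.g. '0.99999999' -> (0, 99999999).
    Enough for html5lib's numeric releases; use packaging.version for
    pre-release or post-release tags, which this deliberately does not model."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_at_least(installed: str, minimum: str) -> bool:
    """True when the installed release is the safe version or newer."""
    return version_key(installed) >= version_key(minimum)


def check_installed(package: str, minimum: str):
    """Step 2: report what actually resolved in the current environment.
    Returns (installed_version, ok); installed_version is None when the
    package is not installed at all, which also counts as not fixed."""
    try:
        installed = metadata.version(package)
    except metadata.PackageNotFoundError:
        return None, False
    return installed, is_at_least(installed, minimum)


if __name__ == "__main__":
    updated = override_transitive(SAMPLE_REQUIREMENTS, "html5lib", "0.99999999")
    print(updated)
    print(check_installed("html5lib", "0.99999999"))
```

After writing the updated file, `pip install -r requirements.txt` followed by `pip check` is the quickest way to hit the caveat in the note: if the direct dependency insists on the older html5lib, pip reports the conflicting requirement instead of silently keeping the vulnerable version, and the direct dependency itself has to be upgraded before the override can take effect.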