Fix Example Transitive Vulnerability for Python
To fix a transitive library for Python, override the transitive dependency by adding the appropriately versioned dependency as a direct library to your configuration file, which can be a
These steps provide a fix for a Cross-Site Scripting (XSS) vulnerability in html5lib, version .9999999 in the
transitive_vulns branch of the example-python repository.
To complete this task:
requirements.txt file in the root of the project and add the recommended version of the library:
Updating some transitive libraries will fail because the library that pulls them in requires a specific version. In such cases, update the directly specified library to a version that allows the safe version to be used.
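One way to confirm that the override described above is actually present in requirements.txt, as an added example that is not part of the original page. The function names, the sample file contents and the `SAFE` version are constructed for illustration; take the real minimum version from your scan report's recommendation.

```python
import re

def normalize(name):
    """PEP 503 name normalization: html5lib, HTML5Lib and html5_lib all match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Turn a plain dotted numeric version into a comparable tuple.
    '.9999999' is read as '0.9999999'; pre/post-release tags are not handled."""
    if version.startswith("."):
        version = "0" + version
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 1.0 and 1.0.0 as equal
        parts.pop()
    return tuple(parts)

# name, optional [extras], then whatever version specifier follows
LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
PIN = re.compile(r"==\s*(\d*(?:\.\d+)+|\d+)")

def check_override(requirements_text, package, min_safe):
    """Return 'ok', 'vulnerable', 'unpinned' or 'missing' for `package`.
    'missing' means no direct entry, so the transitive version is still in effect."""
    for raw in requirements_text.splitlines():
        # drop trailing comments and environment markers before parsing
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        match = LINE.match(line)
        if not match or normalize(match.group(1)) != normalize(package):
            continue
        pin = PIN.fullmatch(match.group(2).strip())
        if not pin:
            return "unpinned"  # a range such as >= does not guarantee the fix
        if version_key(pin.group(1)) >= version_key(min_safe):
            return "ok"
        return "vulnerable"
    return "missing"

# Constructed sample data, not taken from the example-python repository.
SAFE = "1.0"  # placeholder minimum safe version (assumption)
BEFORE = "example-direct-lib==2.3.0  # pulls in html5lib transitively\n"
AFTER = BEFORE + "html5lib==1.0.1  # direct override of the transitive dependency\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_override(text, "html5lib", SAFE))
```

A `missing` or `vulnerable` result in CI means the override was never added or was pinned too low; if installation then fails on a version conflict, the directly specified library needs updating as described above.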