Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk + GH Actions] Update requirements #673

Closed
wants to merge 1 commit into from
Closed

[Snyk + GH Actions] Update requirements #673

wants to merge 1 commit into from

Conversation

Jin-Sun-tts
Copy link
Contributor

Update requirements

  • Updated requirements.in + requirements.txt
  • Auto-generated by snyk.yml

@Jin-Sun-tts Jin-Sun-tts requested a review from a team November 29, 2023 12:06
jbrown-xentity
jbrown-xentity previously approved these changes Nov 29, 2023
View reviewed changes
Copy link
Contributor

@jbrown-xentity jbrown-xentity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the snyk rejection is bad; we're beyond the recommended patch version and the vulnerability is non-existent. If we need to move past this one, we can make an exception in the .snyk file and move on.

@Jin-Sun-tts Jin-Sun-tts requested a review from a team November 30, 2023 12:06
@btylerburton
Copy link
Contributor

btylerburton commented Dec 12, 2023
edited
Loading

what's the status on this?

nvm... can't be merged until we upgrade CKAN

@Jin-Sun-tts Jin-Sun-tts force-pushed the requirement-patches branch 6 times, most recently from e4b0bc2 to e2e94c9 Compare December 21, 2023 12:06
@Jin-Sun-tts Jin-Sun-tts force-pushed the requirement-patches branch 3 times, most recently from 3028ff8 to 6808284 Compare December 27, 2023 12:06
@btylerburton
Copy link
Contributor

Related to: GSA/data.gov#4571

@btylerburton
Copy link
Contributor

Closing this as I believe now the next SNYK scan shouldn't try to update CKAN.

@btylerburton btylerburton deleted the requirement-patches branch December 28, 2023 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbrown-xentity jbrown-xentity jbrown-xentity left review comments

Assignees
No one assigned
Labels
automated pr ckan-upgrade requirements snyk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Jin-Sun-tts @btylerburton @jbrown-xentity @datagov-bot