dependencies vulnerabilities #47

Closed
sbrunato opened this issue Sep 27, 2021 · 1 comment · Fixed by #50 or #74
Assignees
Labels
dependencies Pull requests that update a dependency file

Comments

@sbrunato
Collaborator

sbrunato commented Sep 27, 2021

GitHub Dependabot raises security alerts on some packages that need to be upgraded.

There are 4 packages that cannot be upgraded by dependabot because of conflicting dependencies. See: https://github.com/CS-SI/eodag-labextension/security/dependabot

For example:

Dependabot cannot update codemirror to a non-vulnerable version
The latest possible version that can be installed is 5.57.0 because of the following conflicting dependencies:

@jupyterlab/application@3.0.9 requires codemirror@~5.57.0 via a transitive dependency on @jupyterlab/codemirror@3.0.7
@jupyterlab/cells@3.0.9 requires codemirror@~5.57.0 via a transitive dependency on @jupyterlab/codemirror@3.0.7
@jupyterlab/notebook@3.0.9 requires codemirror@~5.57.0 via a transitive dependency on @jupyterlab/codemirror@3.0.7

The earliest fixed version is 5.58.2.
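The conflict quoted above, worked through as an added example (this is not code from eodag-labextension or from Dependabot): a small semver range checker that reports which dependents' declared ranges exclude a fixed version, so a transitive pin like `~5.57.0` can be spotted before trying an upgrade. The dependents table is constructed from the alert text; the `satisfies` helper handles only exact, `~` and `^` ranges.

```javascript
// Added example: why a tilde pin on a transitive dependency blocks Dependabot.
// Parses "MAJOR.MINOR.PATCH" into a numeric triple.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Supports exact, ^ and ~ ranges as written in package.json.
// ~5.57.0 => >=5.57.0 <5.58.0 (patch updates only)
// ^5.57.0 => >=5.57.0 <6.0.0  (minor and patch updates; 0.x handled as semver does)
function satisfies(version, range) {
  const v = parseVersion(version);
  const op = range[0] === '~' || range[0] === '^' ? range[0] : '';
  const base = parseVersion(op ? range.slice(1) : range);
  if (compare(v, base) < 0) return false;
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  if (op === '^') {
    if (base[0] > 0) return v[0] === base[0];
    if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
    return compare(v, base) === 0;
  }
  return compare(v, base) === 0;
}

// Constructed from the alert above: the package that pins codemirror and its range.
const DEPENDENTS = {
  '@jupyterlab/codemirror@3.0.7': '~5.57.0',
};

// Returns a description of every dependent whose range excludes fixedVersion.
// An empty array means the fixed version can be installed without conflicts.
function blockingDependents(fixedVersion, dependents = DEPENDENTS) {
  return Object.entries(dependents)
    .filter(([, range]) => !satisfies(fixedVersion, range))
    .map(([name, range]) => `${name} requires ${range}`);
}

// The earliest fixed codemirror (5.58.2) falls outside ~5.57.0, so it is blocked.
console.log(blockingDependents('5.58.2'));
```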

@sbrunato sbrunato added the dependencies Pull requests that update a dependency file label Sep 27, 2021
PhML added a commit that referenced this issue Oct 1, 2021
@sbrunato sbrunato mentioned this issue Oct 1, 2021
PhML added a commit that referenced this issue Oct 4, 2021
PhML added a commit that referenced this issue Oct 4, 2021
@PhML PhML mentioned this issue Oct 4, 2021
@sbrunato
Collaborator Author

@PhML can you please resolve this conflict https://github.com/CS-SI/eodag-labextension/security/dependabot ?

@sbrunato sbrunato reopened this Nov 16, 2021
@sbrunato sbrunato assigned fafa-a and unassigned PhML Sep 19, 2022
fafa-a pushed a commit that referenced this issue Sep 21, 2022
fafa-a pushed a commit that referenced this issue Sep 22, 2022
fafa-a pushed a commit that referenced this issue Sep 23, 2022