Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk + GH Actions] Update requirements #1091

Closed
wants to merge 1 commit into from
Closed

[Snyk + GH Actions] Update requirements #1091

wants to merge 1 commit into from

Conversation

nickumia-reisys
Copy link
Contributor

@nickumia-reisys nickumia-reisys commented Oct 3, 2023
edited
Loading

Related to

Update requirements

  • Updated requirements.in + requirements.txt
  • Auto-generated by snyk.yml

@nickumia-reisys
Copy link
Contributor Author

@FuhuXia This is an example of a good-ish PR. I know you don't like that the urllib3 requirement was added to requirements.in file when it was previously not there. It is an "unnecessary" change, but it makes the update-dependencies more deliberate. In the case the requirements.txt was updated in isolation, it would be unclear what the vulnerability was. I think it's important for us to know what the changes have been over time as well.

Either way, I approve this PR, but I can't actually approve it. @GSA/data-gov-team Can someone approve it please? Thanks!

@nickumia-reisys nickumia-reisys requested a review from a team October 3, 2023 13:02
This was referenced Oct 3, 2023
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@btylerburton btylerburton btylerburton approved these changes

Assignees
No one assigned
Labels
automated pr requirements snyk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nickumia-reisys @btylerburton @datagov-bot