Fix current dependabot alerts #561
Assignees
Labels
bug
Something isn't working
Comments
|
This repository is the one and only source of dependabot alerts for the whole NSPCC org now. Please, fix it. |
vvarg229
added a commit
to vvarg229/neofs-testcases
that referenced
this issue
May 24, 2023
Signed-off-by: Oleg Kulachenko <[email protected]>
vvarg229
added a commit
to vvarg229/neofs-testcases
that referenced
this issue
May 24, 2023
Signed-off-by: Oleg Kulachenko <[email protected]>
vvarg229
added a commit
to vvarg229/neofs-testcases
that referenced
this issue
May 25, 2023
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS. The developers of the pytest package have released version 7.2.0 which removes their dependency on py. The pytest version has already been updated to version 7.3.1. Signed-off-by: Oleg Kulachenko <[email protected]>
roman-khimov
added a commit
that referenced
this issue
May 25, 2023
|
@roman-khimov What do you think, should I close this issue now or should I wait until the configobj is fixed? |
|
Well, that's a bit unexpected and special one, so a separate issue to track it wrt to DiffSK/configobj#232 is appropriate. |
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Most of them are irrelevant for the project, but they're irritating anyway: https://github.com/nspcc-dev/neofs-testcases/security/dependabot
The text was updated successfully, but these errors were encountered: