mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-05 19:03:30 -05:00
Update Python dependencies - 7/12/24 - and ignore idna pip-audit flag
This changeset updates several Python dependencies that Dependabot has flagged. It also ignores a pip-audit report of idna, which incorrectly flagged the version we are on as having been affected by PYSEC-2024-60; this was fixed in version 3.7 of idna, which we are currently using. We will update the action again once the audit flag is corrected and/or another fix version is released (if needed).

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2
.github/workflows/checks.yml
vendored
@@ -160,6 +160,8 @@ jobs:
|
||||
- uses: pypa/gh-action-pip-audit@v1.0.8
|
||||
with:
|
||||
inputs: requirements.txt
|
||||
ignore-vulns: |
|
||||
PYSEC-2024-60
|
||||
- name: Run npm audit
|
||||
run: make npm-audit
|
||||
|
||||
|
||||
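Review bot: the `ignore-vulns` entry for `PYSEC-2024-60` has no inline comment saying why the advisory is suppressed or when the entry can come out, so the reasoning lives only in the commit message. Add a YAML comment above `ignore-vulns:` recording that this is a false positive against idna 3.7 and that the entry is temporary. The ignore is keyed on the advisory ID rather than on the installed idna version, so while it is in place the audit step will not flag this advisory even if requirements.txt later resolves to an idna release older than 3.7; it is worth confirming that requirements.txt keeps idna at 3.7 or later for as long as the suppression stays.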