This changeset updates our dependabot.yml configuration to match what the documentation currently says is current:
* Adjusts version referenced from 3 to 2 to match the docs
* Adjusts the formatting of values to match the docs
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
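For reference, this is the shape of the version 2 `dependabot.yml` format the first commit refers to. It is an added example, not the repository's own file; the `pip` ecosystem, root directory and weekly schedule are assumptions, and the comments mark the two things the commit changed (the `version` key and the quoted/indented value formatting).

```yaml
# Added example of a Dependabot v2 configuration (assumed contents, not the
# project's actual file). Lives at .github/dependabot.yml.
version: 2            # the documented schema version is 2, not 3
updates:
  - package-ecosystem: "pip"   # assumption: Python deps managed with pip
    directory: "/"             # assumption: requirements file at repo root
    schedule:
      interval: "weekly"       # assumption: weekly update checks
```

GitHub rejects a file whose `version` is anything other than `2`, so the version line is the first thing to check when Dependabot stops opening update PRs after a config edit.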
This changeset updates several Python dependencies that Dependabot has flagged.
It also ignores a pip-audit report of idna, which incorrectly flagged the version we are on as having been affected by PYSEC-2024-60; this was fixed in version 3.7 of idna, which we are currently using. We will update the action again once the audit flag is corrected and/or another fix version is released (if needed).
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates our pull request template to be much more streamlined and shifts most of the information to our documentation. The PR template now links to the docs for folks who are new and unfamiliar with what we require in our pull requests so that the template itself just has the headings and quick outlines to get started more easily and quickly.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the gunicorn dependency to the latest release to address a recent CVE. It also updates the its-dangerous package.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates a couple of dependencies, including our Python dependency audit check, and specifically ignores a gunicorn audit flag that appeared on 4/16/2024.
As soon as there is an update available for gunicorn that addresses the issue we will remove the flag to ignore the vulnerability report and update the dependency.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
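The two commits above that suppress an audit finding (the `idna` PYSEC-2024-60 report the tool flagged although the pinned version already carried the fix, and the gunicorn report awaiting an upstream release) both rely on someone remembering to remove the ignore later. The following is an added example, not the project's own code or CI step, of how to make that explicit: each ignored ID carries a reason and an expiry date, the audit report is read from pip-audit's JSON output, and findings whose advisory says the installed version is already at or above the fix version are surfaced separately as likely false positives. The JSON layout (a top-level `dependencies` list with `name`, `version` and `vulns` entries carrying `id` and `fix_versions`) is assumed from pip-audit's `--format json` output; the sample report, the `EXAMPLE-GUNICORN-1` placeholder ID, package versions and dates are constructed for illustration.

```python
"""Triage a pip-audit JSON report against an explicit, expiring ignore list.

Added example; not the project's code. Assumes pip-audit's --format json
layout: {"dependencies": [{"name", "version", "vulns": [{"id", "fix_versions"}]}]}.
All identifiers except PYSEC-2024-60 and the package names idna/gunicorn
are placeholders, and every version and date below is constructed.
"""
import datetime as dt
import json
import re

# Constructed sample report in the assumed pip-audit JSON layout.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "idna", "version": "3.7",
         "vulns": [{"id": "PYSEC-2024-60", "fix_versions": ["3.7"]}]},
        {"name": "gunicorn", "version": "21.2.0",
         "vulns": [{"id": "EXAMPLE-GUNICORN-1", "fix_versions": []}]},
        {"name": "flask", "version": "3.0.3", "vulns": []},
    ],
    "fixes": [],
})

# Every ignore carries a justification and an expiry so it cannot silently
# outlive the reason it was added. Dates are constructed.
IGNORE_LIST = {
    "PYSEC-2024-60": {
        "reason": "advisory lists 3.7 as the fix; 3.7 is the pinned version",
        "expires": "2024-06-30",
    },
    "EXAMPLE-GUNICORN-1": {
        "reason": "placeholder: no fixed release published yet",
        "expires": "2024-05-31",
    },
}


def _vkey(version):
    """Crude numeric version key (assumption: no pre-release or local tags)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def already_fixed(installed, fix_versions):
    """True when the installed version is at or above the lowest fix version."""
    if not fix_versions:
        return False
    return _vkey(installed) >= min(_vkey(f) for f in fix_versions)


def suspect_false_positives(report_json):
    """Findings whose own advisory data says the installed version is fixed."""
    hits = []
    for dep in json.loads(report_json)["dependencies"]:
        for vuln in dep.get("vulns", []):
            if already_fixed(dep["version"], vuln.get("fix_versions", [])):
                hits.append((dep["name"], dep["version"], vuln["id"]))
    return hits


def triage(report_json, ignore_list, today):
    """Split findings into blocking, ignored (with a live ignore) and expired."""
    out = {"blocking": [], "ignored": [], "expired": []}
    for dep in json.loads(report_json)["dependencies"]:
        for vuln in dep.get("vulns", []):
            finding = (dep["name"], dep["version"], vuln["id"])
            entry = ignore_list.get(vuln["id"])
            if entry is None:
                out["blocking"].append(finding)
            elif dt.date.fromisoformat(entry["expires"]) < today:
                # An expired ignore fails the build: someone must re-justify it.
                out["expired"].append(finding)
            else:
                out["ignored"].append(finding)
    return out


def ci_exit_code(result):
    """Non-zero when any finding blocks or an ignore has lapsed."""
    return 1 if result["blocking"] or result["expired"] else 0


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT, IGNORE_LIST, dt.date(2024, 5, 1))
    print("suspect false positives:", suspect_false_positives(SAMPLE_REPORT))
    print("triage:", result, "exit", ci_exit_code(result))
```

In a workflow this replaces a bare `--ignore-vuln` flag: run `pip-audit --format json`, feed the output to `triage`, and fail the job on the returned exit code. The expiry forces the follow-up the commit messages promise ("we will remove the flag once an update is available"), and `suspect_false_positives` gives the reviewer evidence for the kind of judgement made about `idna` 3.7 rather than leaving it to memory.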