github dependabot alert on py / pytest

Tom Rini trini at konsulko.com
Sat Sep 30 16:44:05 CEST 2023


On Sat, Sep 30, 2023 at 03:13:30PM +0200, Frank Wunderlich wrote:
> Hi,
> 
> dependabot reports a high security issue
> 
> https://github.com/frank-w/u-boot/security/dependabot/1
> 
> it seems it is not yet fixed in master and next as there py is still in and pytest==6.2.5
> 
> I have not yet seen any topics for this... are you aware of this? I know tests are run in
> an isolated environment through gitlab-pipeline, but maybe this can still have a risk.

The dependabot requests aren't public.  But I don't see one myself when
pushing to GitHub, can you please elaborate on what it's saying we
should have updated?

-- 
Tom