You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looking at dependabot securities, the cryptography and certifi need to be bumped to resolve several CVES that have been raised on them.
It is probably best to bump the Meltano SDK at the same time.
Issue:
I tried a poetry update to bring in the latest dependencies with a view of raising a PR for this. It looks however that the dependencies update doesn't appear to finish in the poetry resolver. A poetry update command spins and never completes.
I don't know if you have had this issue before? Are you able to patch the pyproject.yaml and re-generated a poetry.lock file resolving these issues please?
I'm not sure if you have enable dependabot securities on your Repo but it is probably a good idea so there is visibility of vulnerabilities in the poetry.lock file.
Thanka
Steve
The text was updated successfully, but these errors were encountered:
Hi @jlloyd-widen ,
Looking at dependabot securities, the cryptography and certifi need to be bumped to resolve several CVES that have been raised on them.
It is probably best to bump the Meltano SDK at the same time.
Issue:
I tried a
poetry updateto bring in the latest dependencies with a view of raising a PR for this. It looks however that the dependencies update doesn't appear to finish in the poetry resolver. A poetry update command spins and never completes.I don't know if you have had this issue before? Are you able to patch the pyproject.yaml and re-generated a poetry.lock file resolving these issues please?
I'm not sure if you have enable dependabot securities on your Repo but it is probably a good idea so there is visibility of vulnerabilities in the poetry.lock file.
Thanka
Steve
The text was updated successfully, but these errors were encountered: