
30 Sep 2023, 4:44 p.m.
On Sat, Sep 30, 2023 at 03:13:30PM +0200, Frank Wunderlich wrote:
> Hi,
>
> dependabot reports a high security issue
> https://github.com/frank-w/u-boot/security/dependabot/1
> it seems it is not yet fixed in master and next, as py is still in there, and pytest==6.2.5
> I have not yet seen any topics for this... are you aware of this? I know tests are run in an isolated environment through gitlab-pipeline, but maybe this can still have a risk.

The dependabot requests aren't public. But I don't see one myself when pushing to GitHub, can you please elaborate on what it's saying we should have updated?
--
Tom