CS-SI / eodag-labextension

Jupyterlab extension for EODAG search
Apache License 2.0
18 stars 2 forks

dependencies vulnerabilities #47

Closed sbrunato closed 1 year ago

sbrunato commented 3 years ago

GitHub Dependabot raises security alerts on some packages that need to be upgraded.

There are 4 packages that cannot be upgraded by Dependabot because of conflicting dependencies. See: https://github.com/CS-SI/eodag-labextension/security/dependabot

For example:

Dependabot cannot update codemirror to a non-vulnerable version

The latest possible version that can be installed is 5.57.0 because of the following conflicting dependencies:

@jupyterlab/application@3.0.9 requires codemirror@~5.57.0 via a transitive dependency on @jupyterlab/codemirror@3.0.7
@jupyterlab/cells@3.0.9 requires codemirror@~5.57.0 via a transitive dependency on @jupyterlab/codemirror@3.0.7
@jupyterlab/notebook@3.0.9 requires codemirror@~5.57.0 via a transitive dependency on @jupyterlab/codemirror@3.0.7

The earliest fixed version is 5.58.2.
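
The conflict Dependabot reports in the comment above, worked through as an added example (not part of the original issue or the project's code): it checks whether each tilde range from the message can ever contain a fixed codemirror release. The function names are hypothetical, the range parser handles only plain `~X.Y.Z` ranges, and it assumes every release at or above the earliest fixed version is also fixed.

```javascript
// Added example. Constraint data is copied from the Dependabot message above;
// function names are hypothetical, and this is not the npm `semver` package.
const constraints = [
  { dependent: '@jupyterlab/application@3.0.9', range: '~5.57.0' },
  { dependent: '@jupyterlab/cells@3.0.9', range: '~5.57.0' },
  { dependent: '@jupyterlab/notebook@3.0.9', range: '~5.57.0' },
];

// Parse a plain X.Y.Z version into [major, minor, patch].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// ~X.Y.Z means >=X.Y.Z and <X.(Y+1).0; return both bounds.
function tildeBounds(range) {
  if (!range.startsWith('~')) throw new Error(`only tilde ranges handled: ${range}`);
  const [major, minor, patch] = parseVersion(range.slice(1));
  return { lower: `${major}.${minor}.${patch}`, upperExclusive: `${major}.${minor + 1}.0` };
}

// A range can hold a fixed release only if the earliest fix is below its upper bound.
// Assumption: every release at or above the earliest fixed version is also fixed.
function canReachFix(range, earliestFixed) {
  return compareVersions(earliestFixed, tildeBounds(range).upperExclusive) < 0;
}

// Dependents whose pinned range excludes every fixed release.
function blockingDependents(list, earliestFixed) {
  return list.filter((c) => !canReachFix(c.range, earliestFixed)).map((c) => c.dependent);
}

console.log(blockingDependents(constraints, '5.58.2'));
```

All three dependents are returned as blockers, because `~5.57.0` stops short of 5.58.0 and the earliest fixed version is 5.58.2.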

sbrunato commented 2 years ago

@PhML can you please resolve this conflict https://github.com/CS-SI/eodag-labextension/security/dependabot?