GoogleCloudPlatform / opentelemetry-operations-java

Apache License 2.0
Update dependencies to remove OSS vulnerabilities #190

Closed psx95 closed 1 year ago

psx95 commented 1 year ago

Fixes #191

Bump dependencies to fix the reported vulnerabilities.

This needs to be done before addressing #188

psx95 commented 1 year ago

/gcbrun

dashpole commented 1 year ago

Can you try updating dependencies in individual (or fewer) PRs? At least update the test image in a different PR from other dependency updates.

psx95 commented 1 year ago

> Can you try updating dependencies in individual (or fewer) PRs? At least update the test image in a different PR from other dependency updates.

I think the three dependencies being updated share some of the underlying transitive dependencies that bring in the vulnerabilities, so shouldn't they be updated together?

I can certainly update the test image in a different PR, but if the underlying concern is that too many changes together are breaking the tests, then I think it should be fine, since the test failures were caused by a missing attribute recently added in v0.16.0.

Let me know your thoughts on this.