HumanCellAtlas / secondary-analysis

Secondary Analysis Service of the Human Cell Atlas Data Coordination Platform
https://pipelines.data.humancellatlas.org/ui/
BSD 3-Clause "New" or "Revised" License
3 stars 2 forks

Fix vulnerability in skylab requirements #761

Closed kbergin closed 4 years ago

kbergin commented 5 years ago

There is a security alert on Skylab about upgrading the version of Jinja2 in cellranger/requirements.txt: https://github.com/HumanCellAtlas/skylab/network/alert/docker/cellranger/requirements.txt/Jinja2/open

Vulnerable versions: < 2.8.1
Patched version: 2.8.1
Remediation: Upgrade Jinja2 to version 2.8.1 or later. For example Jinja2>=2.8.1

┆Issue is synchronized with this Jira Dev Task
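The alert above reduces to a single check on a pip requirements file: does the Jinja2 pin guarantee 2.8.1 or later? The script below is an added example, not code from the skylab or secondary-analysis repositories. It assumes the plain `name==version` / `name>=version` syntax of pip requirements files, and the sample file contents embedded in it are constructed for illustration rather than copied from skylab's `cellranger/requirements.txt`. It classifies the Jinja2 pin and, as the alert suggests, rewrites it to `Jinja2>=2.8.1`.

```python
"""Classify and remediate a Jinja2 pin in a pip requirements file.

Added example; assumes pip-style requirement lines and uses a constructed
sample file. Not part of the HumanCellAtlas repositories.
"""
import re
from typing import List, Optional, Tuple

# Threshold taken from the alert: versions below 2.8.1 are flagged.
PATCHED_JINJA2 = "2.8.1"

# Constructed sample (hypothetical), standing in for cellranger/requirements.txt.
SAMPLE_REQUIREMENTS = """\
# cellranger image dependencies (constructed sample)
numpy==1.14.0
Jinja2==2.7.3
MarkupSafe>=1.0
"""

# name, optional operator, optional version; ignores extras/markers for brevity.
_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|~=|<=|<|>|!=)?\s*([0-9][0-9A-Za-z.]*)?"
)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.8.1' into (2, 8, 1); a non-numeric component ends the tuple."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def parse_requirements(text: str) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Return (name, operator, version) for every non-empty, non-comment line."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out


def jinja2_pin_status(text: str, patched: str = PATCHED_JINJA2) -> str:
    """Classify the Jinja2 pin.

    'missing'    - Jinja2 is not listed; the file alone cannot answer the alert
    'unpinned'   - listed with no lower bound (no version, or only <, <=, !=)
    'vulnerable' - the constraint admits a version below the patched one
    'patched'    - the constraint guarantees the patched version or later
    """
    target = parse_version(patched)
    for name, op, ver in parse_requirements(text):
        if name.lower() != "jinja2":
            continue
        if op is None or ver is None or op in ("<", "<=", "!="):
            return "unpinned"
        pinned = parse_version(ver)
        # ==, >=, ~= and > all establish a floor at `pinned`; it is safe only
        # when that floor is at or above the patched version.
        return "patched" if pinned >= target else "vulnerable"
    return "missing"


def remediate(text: str, patched: str = PATCHED_JINJA2) -> str:
    """Rewrite any Jinja2 line to the floor the alert recommends."""
    fixed = []
    for line in text.splitlines():
        m = _REQ_RE.match(line.split("#", 1)[0])
        if m and m.group(1).lower() == "jinja2":
            fixed.append(f"Jinja2>={patched}")
        else:
            fixed.append(line)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    print("before:", jinja2_pin_status(SAMPLE_REQUIREMENTS))
    updated = remediate(SAMPLE_REQUIREMENTS)
    print("after: ", jinja2_pin_status(updated))
    print(updated)
```

Run it against a real file with `jinja2_pin_status(open("requirements.txt").read())`. The 'unpinned' and 'missing' outcomes matter as much as 'vulnerable': a file that does not bound Jinja2 from below tells you nothing about what the built image actually contains, which is the gap behind the question below about what changing a dependency does to the pipeline.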

kbergin commented 5 years ago

➤ Nick Barkas commented:

Do we need to do this given we are no longer using Cellranger? Also, how would we know if we are breaking Cellranger?

kbergin commented 5 years ago

➤ Nick Barkas commented:

Why do we want to fix this?

Are the vulnerabilities auto-reported by Snyk, or any consequence to pipelines that run in a closed environment? How do we know that we are not affecting scientific results when we change the dependencies of programs that we haven't created?