Hi @jlloyd-widen,
Looking at dependabot securities, the cryptography and certifi need to be bumped to resolve several CVEs that have been raised on them.
It is probably best to bump the Meltano SDK at the same time.
Issue: I tried a `poetry update` to bring in the latest dependencies with a view of raising a PR for this. It looks, however, that the dependencies update doesn't appear to finish in the poetry resolver. A poetry update command spins and never completes. I don't know if you have had this issue before? Are you able to patch the pyproject.yaml and regenerate a poetry.lock file resolving these issues please?
I'm not sure if you have enabled dependabot securities on your repo but it is probably a good idea so there is visibility of vulnerabilities in the poetry.lock file.
Thanks Steve