Open jdimatteo opened 1 year ago
Allow networkx<3.0 to allow security fixes
networkx before 2.6 is flagged for security vulnerabilities as described at https://security.snyk.io/vuln/SNYK-PYTHON-NETWORKX-1062709
How has this work been tested or QA'd?
Trusting automated test coverage.
What are the implications of these changes? Are there any cross-cutting concerns to keep in mind?
networkx<3.0 was allowed with https://github.com/etsy/boundary-layer/pull/107 , however was reverted with https://github.com/etsy/boundary-layer/pull/108 , and no context was provided why it was reverted, but hopefully this change is fine now given the passage of time.
Hi, can someone please review / merge this, or let me know what changes are needed before merging this security fix?