GitHub has dependency alerts and dependency security updates that can replace safety.
For the past few months, safety has been raising vulnerability errors for pip and now jinja2. The latter is a dependency of safety itself, and both CVEs are disputed.
GitHub has dependency alerts and dependency security updates that can replace
safety
.For the past few months, safety has been raising vulnerability errors for
pip
and nowjinja2
. The latter is a dependency ofsafety
itself, and both CVEs are disputed.Which is breaking CI for us.