nlohmann / json

JSON for Modern C++
https://json.nlohmann.me
MIT License

Upgrade Python packages #3891

Closed nlohmann closed 1 year ago

nlohmann commented 1 year ago
coveralls commented 1 year ago

Coverage Status

Coverage remained the same at 100.0% when pulling 10b17d08e68bf78f4207d740a196865b7f3b1633 on upgrade_packages into 80dfb049b32e275586bd785944e3eb18f422ecef on develop.

PDeets commented 1 year ago

Thanks for making this change. However, I wanted to bring up that as a user of nlohmann-json via vcpkg, I regularly get security warnings due to our security scanners finding the requirements.txt file and identifying what it believes are insecure dependencies of my source code. I'm just writing C++ code that uses nlohmann-json though, so I always have to dismiss these. However, it is a nuisance to deal with.

Do you think maybe we should add a step in the vcpkg portfile at https://github.com/microsoft/vcpkg/blob/master/ports/nlohmann-json/portfile.cmake to delete the docs folder after it downloads the source code for the tagged release so these dependencies don't show up in security scans?