Closed dependabot[bot] closed 1 year ago
Hi @Samira-El
I saw that pipelinewise-tap-postgres has already been updated to psycopg2-binary 2.9.3.
I tested target-postgres against psycopg2-binary 2.9.3 myself and don't have any problems with that.
It would be really good to keep such a critical library as close to up-to-date as possible.
The upstream project (psycopg2) is making an excellent effort at keeping the OpenSSL security fix releases up-to-date as soon as new OpenSSL releases are available.
And it is concerning that this level of rigor is not applied to pipelinewise-target-postgres as well, when it comes to consuming the security updates provided from upstream in the form of psycopg2-binary security updates. (But for some reason the problem does not exist with pipelinewise-tap-postgres to the same degree.)
Hope that makes sense.
Cheers,
Christoph
Superseded by #106.
Bumps psycopg2-binary from 2.8.5 to 2.9.4.
Changelog
Sourced from psycopg2-binary's changelog.
... (truncated)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)