Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade dependencies for security #571

Open
zerothabhishek opened this issue Apr 2, 2019 · 3 comments
Open

Upgrade dependencies for security #571

zerothabhishek opened this issue Apr 2, 2019 · 3 comments
Labels
area/security

Comments

@zerothabhishek
Copy link
Contributor

Ref: https://requires.io/github/pythonindia/junction/requirements/?branch=master

Many libraries in requirements.txt are using old, insecure versions. They must be updated to the latest secure versions.

This also requires a Django upgrade.
Related Issue: 514
@pradyunsg
Copy link
Contributor

pillow seems to be unused.

@pradyunsg pradyunsg mentioned this issue Apr 3, 2019
Merged
@zerothabhishek zerothabhishek mentioned this issue Apr 12, 2019
Open
@zerothabhishek zerothabhishek changed the title [2019] Upgrade dependencies for security Upgrade dependencies for security Apr 22, 2019
@ananyo2012
Copy link
Contributor

3 more dependencies need update - handlebars, extend and sshpk as pointed out by GitHub @dependabot

@pradyunsg pradyunsg removed the 2019 label Mar 21, 2020
@gutsytechster
Copy link
Contributor

Won't @dependabot create a PR if a security issue be found? Do we explicitly need to update some dependency?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zerothabhishek @pradyunsg @ananyo2012 @gutsytechster