My guess is that these dependencies are via dktest but there may be other packages that depend on these packages as well. I'm not too concerned about these from a security perspective since these packages should only be used when tests are running, so you shouldn't be vulnerable via migrate unless you're running the migrate tests. Nonetheless, we'll make sure this is fixed in the next release.
Thanks for your comment.
Ah, I misunderstood. These libraries are also indirect dependencies from migrate.
Please check the commit 9975d48
Yes, I know that migrate uses them in the tests only. But the Dependabot alerts by GitHub do not regard that, unfortunately, and just send us vulnerability alerts 😢 So the reason why I sent this PR is just to suppress the alert in our repository.
I just updated dktest to v0.3.10 in migrate (master branch) which should fix known security issues and appease the security vulnerability scanners. If you'd also like to quiet your vulnerability scanners, use the master branch until the next release is cut. Although the master branch is not stable, any issues caused by recent changes (e.g. PR merges) will be promptly addressed.