Hey,
our security scanner recently went off on the netbox ansible module, because some of the dependencies in v3.13.0 are pinned to versions that contain vulnerabilities (most notably, CVE-2023-37920 in `certifi` version 2023.5.7).
Since I have no idea about the timeline for v3.14, I was wondering if it would be feasible / make sense to create a patch release version v.3.13.1 just to update the dependencies?
Since the dependencies are already updated in the `devel` branch, I think it should be fairly straightforward to do so.
Happy to hear your thoughts :)