Upgrade GitPython to address a security issue flagged by Dependabot
bandit (v1.6.2) requires GitPython (v3.1.32), which has the below vulnerability:
https://github.com/uktrade/lite-hmrc/security/dependabot/27

Upgraded bandit to 1.7.0, which uses GitPython (v3.1.34)
saruniitr committed Sep 6, 2023
1 parent d4020b6 commit 6ad43ab
Showing 2 changed files with 173 additions and 149 deletions.
2 changes: 1 addition & 1 deletion Pipfile
Expand Up @@ -4,7 +4,7 @@ url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]
bandit = "==1.6.2"
bandit = "==1.7.0"
black = "==22.3.0"
coverage = "~=5.0"
parameterized = "==0.7.0"
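Review bot: the `bandit = "==1.7.0"` pin under [dev-packages] addresses the GitPython advisory only indirectly, because nothing in the Pipfile constrains GitPython itself and the patched version is therefore recorded solely in the lock file. Please confirm that the lock file resolves GitPython to v3.1.34 as the commit message states, or add an explicit minimum version for it under [dev-packages] so the fix does not depend on bandit's own requirements. The commit shows 173 additions and 149 deletions across 2 files for a one-line Pipfile edit, so the relock appears to have moved other packages as well; it is worth checking that those changes are intended.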