Upgrade Python packages #3891

Merged
merged 2 commits into from
Dec 19, 2022

nlohmann
Owner

  • upgrade packages to fix security warning
  • also bring mkdocs and other packages up to date

@nlohmann nlohmann added this to the Release 3.11.3 milestone Dec 18, 2022
@nlohmann nlohmann self-assigned this Dec 18, 2022
@coveralls

Coverage Status

Coverage remained the same at 100.0% when pulling 10b17d0 on upgrade_packages into 80dfb04 on develop.

@nlohmann nlohmann merged commit a2f0593 into develop Dec 19, 2022
@nlohmann nlohmann deleted the upgrade_packages branch December 19, 2022 06:25
@PDeets

PDeets commented Feb 3, 2023

Thanks for making this change. However, I wanted to bring up that as a user of nlohmann-json via vcpkg, I regularly get security warnings due to our security scanners finding the requirements.txt file and identifying what it believes are insecure dependencies of my source code. I'm just writing C++ code that uses nlohmann-json though, so I always have to dismiss these. However, it is a nuisance to deal with.

Do you think maybe we should add a step in the vcpkg portfile at https://github.com/microsoft/vcpkg/blob/master/ports/nlohmann-json/portfile.cmake to delete the docs folder after it downloads the source code for the tagged release so these dependencies don't show up in security scans?

3 participants