| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <192d7da2f2a.1069aaa001047791.5583301334791429946@collabora.com> Date: Tue, 29 Oct 2024 07:37:33 -0300 From: Helen Mae Koike Fornazier <helen.koike@...labora.com> To: "WangYuli" <wangyuli@...ontech.com> Cc: "maarten.lankhorst" <maarten.lankhorst@...ux.intel.com>, "mripard" <mripard@...nel.org>, "tzimmermann" <tzimmermann@...e.de>, "airlied" <airlied@...il.com>, "simona" <simona@...ll.ch>, "david.heidelberg" <david.heidelberg@...labora.com>, "dri-devel" <dri-devel@...ts.freedesktop.org>, "linux-kernel" <linux-kernel@...r.kernel.org>, "guanwentao" <guanwentao@...ontech.com>, "zhanjun" <zhanjun@...ontech.com>, "Vignesh Raman" <vignesh.raman@...labora.com> Subject: Re: [RESEND. PATCH 1/5] drm/ci: Upgrade requirements because of bothering by GitHub Dependabot ---- On Thu, 17 Oct 2024 00:39:48 -0300 WangYuli wrote --- > GitHub Dependabot keeps bugging us about old, vulnerable Python packages. > > Until we figure out a way to make it calm, we're stuck updating our > dependencies whenever it complains. > > I guess it's a good thing in the long run, though, right? > Makes our CI a bit "more secure"... > > Signed-off-by: WangYuli wangyuli@...ontech.com> > -- > 2.45.2 > > Hi WangYuli, Thanks for this. tbh, I'm tempted in removing the python script that is in the repo, and keep it out-of-tree somewhere, since it is a tool that is only triggered manually in local environment. I also want to hear Vignesh's thoughts about it. Thanks Helen
Powered by blists - more mailing lists