Allow networkx<3.0 to allow security fixes #140
Open
jdimatteo wants to merge 1 commit into etsy:master from
Conversation
networkx before 2.6 is flagged for security vulnerabilities as described at https://security.snyk.io/vuln/SNYK-PYTHON-NETWORKX-1062709. Note that networkx<3.0 was allowed with etsy#107, however was reverted with etsy#108, and no context was provided why it was reverted, but hopefully this change is fine now given the passage of time.
Author
Hi, can someone please review / merge this or let me know what changes are needed before merging this security fix?
Description
Allow networkx<3.0 to allow security fixes
Context / Why are we making this change?
networkx before 2.6 is flagged for security vulnerabilities as described at https://security.snyk.io/vuln/SNYK-PYTHON-NETWORKX-1062709
Testing and QA Plan
Trusting automated test coverage.
Impact
networkx<3.0 was allowed with #107, however was reverted with #108, and no context was provided why it was reverted, but hopefully this change is fine now given the passage of time.
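A ceiling such as `networkx<3.0` only widens the upper bound; on its own it still permits a resolver to pick a release below 2.6, the range the linked Snyk advisory flags. The following is an added example (not code from the etsy repository or from this PR) that audits requirement lines with a stdlib-only specifier parser and reports which candidate versions below the fixed release a pin would still admit. The requirement strings, the sample requirements text and the list of networkx release numbers are constructed for the example; `packaging.version`/`packaging.specifiers` would be the production choice, which this minimal parser stands in for.

```python
"""Check whether a requirement specifier still admits versions in a known-bad range.

Added example, not code from the etsy repository or this PR. The vulnerable
range (networkx before 2.6) comes from the Snyk advisory linked in the PR; the
requirement strings, the sample requirements file and the release list below
are constructed for illustration.
"""
import re
from typing import List, Tuple

Version = Tuple[int, ...]

# Comparison operators supported by the minimal specifier parser.
_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}


def parse_version(text: str) -> Version:
    """Parse a dotted release version like '2.6.3' into a comparable tuple.

    Pre-release and post-release suffixes are deliberately not handled; this is
    a stdlib-only stand-in for packaging.version, padded so 2.6 == 2.6.0.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def parse_requirement(req: str) -> Tuple[str, List[Tuple[str, Version]]]:
    """Split 'networkx>=2.6,<3.0' into ('networkx', [('>=', (2,6,0)), ('<', (3,0,0))])."""
    m = re.match(r"^\s*([A-Za-z0-9_.-]+)\s*(.*)$", req)
    if not m:
        raise ValueError(f"unparseable requirement: {req!r}")
    name, spec = m.group(1), m.group(2).strip()
    clauses = []
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        cm = re.match(r"^(<=|>=|==|!=|<|>)\s*([0-9.]+)$", clause)
        if not cm:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((cm.group(1), parse_version(cm.group(2))))
    return name, clauses


def allows(req: str, version: str) -> bool:
    """True if every clause of the requirement accepts the given version."""
    _, clauses = parse_requirement(req)
    v = parse_version(version)
    return all(_OPS[op](v, bound) for op, bound in clauses)


def admits_vulnerable(req: str, fixed_in: str, candidates: List[str]) -> List[str]:
    """Return the candidate versions below `fixed_in` that `req` would still install."""
    fixed = parse_version(fixed_in)
    return [c for c in candidates if parse_version(c) < fixed and allows(req, c)]


# Constructed candidate pool of networkx release numbers (not fetched from PyPI).
NETWORKX_RELEASES = ["2.4", "2.5", "2.5.1", "2.6", "2.6.3", "2.8.8", "3.0", "3.1"]


def audit_requirements(text: str, package: str, fixed_in: str) -> dict:
    """Audit each requirements line for `package`.

    Returns {requirement_line: [vulnerable versions it still admits]}; an empty
    list means the pin excludes every candidate below `fixed_in`.
    """
    report = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        name, _ = parse_requirement(line)
        if name.lower() == package.lower():
            report[line] = admits_vulnerable(line, fixed_in, NETWORKX_RELEASES)
    return report


if __name__ == "__main__":
    # Constructed sample: a ceiling-only pin beside a pin that also sets a floor.
    sample = "networkx<3.0\nnetworkx>=2.6,<3.0\n"
    for req, bad in audit_requirements(sample, "networkx", "2.6").items():
        status = "OK" if not bad else f"still admits {bad}"
        print(f"{req:22s} {status}")
```

Run against the constructed sample, the ceiling-only line reports that 2.4, 2.5 and 2.5.1 remain installable, while the line with a `>=2.6` floor reports nothing. Whether the project needs the floor depends on the rest of its constraints (a lock file or another dependency may already force 2.6+), which is the check a reviewer of this PR would want to see in the description.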