Update Julia manifest #3095
36411da to 43d4bfe
I saw that the Trivy security scan is supposed to run on a pull request, but I don't see it listed here in the checks. Is there no rule attached like: no new vulnerabilities?
I think this PR predates my Trivy implementation. Blocking PRs based on external vulnerabilities (i.e. the ones that need fixing upstream) would block all code for weeks/months. Besides, not every reported vulnerability applies to how the code is used here. I would expect that the PO goes through the list (https://github.com/Deltares/Ribasim/security/code-scanning) before a release and decides what action(s) need to be taken, or which alerts can be dismissed. It would be good to move from my expectation to a (Deltares) security policy/process. We would also need to define a threat model first. Edit: PS, this PR is made by a monthly bot (using my credentials).
43d4bfe to 5f7f034
Update the Julia Manifest.toml to get the latest dependencies.
Changed packages
Packages still outdated after update
All package versions