Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update aiohttp #725

Closed
roman-khimov opened this issue Feb 13, 2024 · 2 comments
Closed

Update aiohttp #725

roman-khimov opened this issue Feb 13, 2024 · 2 comments
Assignees
Labels
enhancement Improving existing functionality I4 No visible changes S3 Minimally significant U2 Seriously planned

Comments

@roman-khimov
Copy link
Member

Is your feature request related to a problem? Please describe.

I'm always frustrated when Dependabot is frustrated. Unfortunately it can't create an update for us in this case.

Dependabot can't update vulnerable dependencies without a lockfile
The currently installed version can't be determined.
To resolve the issue add a supported lockfile (Pipfile.lock, pyproject.lock or poetry.lock).

Describe the solution you'd like

  1. Update aiohttp to 3.9.2+ (including https://github.com/aio-libs/aiohttp/pull/8074/files)
  2. Add lock files for Dependabot.

Describe alternatives you've considered

Keep getting emails about outdated dependencies, no. Even though the problem itself is not very relevant for us, it's still annoying.

Additional context

https://github.com/nspcc-dev/neofs-testcases/security/dependabot/19

@roman-khimov roman-khimov added enhancement Improving existing functionality U2 Seriously planned S3 Minimally significant I4 No visible changes labels Feb 13, 2024
@roman-khimov
Copy link
Member Author

@evgeniiz321, when you create CityOfZion/neo-mamba#304 I expect a link to it here (tracking progress and signaling a dependency) and a blocked label.

@roman-khimov roman-khimov added the blocked Can't be done because of something label Mar 15, 2024
@roman-khimov roman-khimov removed the blocked Can't be done because of something label Mar 25, 2024
@evgeniiz321
Copy link
Contributor

Dependencies were updated by #760

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Improving existing functionality I4 No visible changes S3 Minimally significant U2 Seriously planned
Projects
None yet
Development

No branches or pull requests

2 participants