Replies: 2 comments
-
Frontend dependencies (those which are still needed, anyway) are being upgraded as part of the UI work for v4.0, but you're welcome to open a bug report in the interim as that release is still several months away.
The latest release of NetBox already requires Pillow 10.2.0.
Same as above. We bump every pinned dependency to its latest stable version for each release of NetBox unless there's a reason not to.
-
Thanks for the information. Much appreciated! Didn’t know this was the process for updating dependencies. And sorry for not checking for the updates, was looking at an older version. Will double check in the future.
-
Hey, how often are vulnerabilities that are found in dependencies of Netbox remediated?
I say this because I saw that Netbox could upgrade Query-String from 7.1.1 to 7.1.3 to remediate [CVE-2022-38900](https://nvd.nist.gov/vuln/detail/CVE-2022-38900) in the netbox/project-static/package.json file.
Moreover, pillow can be upgraded from 9.5.0 to a version of 10.2.0 or greater, which would resolve 2 CVEs:
CVE-2023-4863 with a score of 8.8
CVE-2023-44271 with a score of 7.5
And social-auth-app-django can be bumped from 5.3.0 to 5.4.0.
I was a bit confused about how to submit a fix request.