Dependabot identifying fork openjck/whitenoise, needs to be evansd/whitenoise #17563
Unanswered
jwhitlock
asked this question in
Code Security
Replies: 0 comments
We have whitenoise 5.0.1 installed in our project:
https://github.com/mozilla/fx-private-relay/blob/71cc24cce6b2fe45821a84e8f72fa4867784fe7d/requirements.txt#L30
Dependabot thinks it comes from a fork https://github.com/openjck/whitenoise, but it should be pointed at https://github.com/evansd/whitenoise.
This means that Dependabot doesn't see any releases after v2.0.4 (the last tag on openjck/whitenoise), while the latest is v6.1.0.