Skip to content

Update packages to latest security revisions #1188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Elkasitu wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update packages to latest security revisions #1188

Elkasitu wants to merge 1 commit into from

Conversation

@Elkasitu
Copy link
Contributor

@Elkasitu Elkasitu commented Jan 21, 2026

No description provided.

@Elkasitu Elkasitu added the technical For PRs that introduce changes not worthy of a CHANGELOG entry label Jan 21, 2026
@Elkasitu Elkasitu marked this pull request as ready for review January 21, 2026 15:00
@Elkasitu Elkasitu requested a review from a team January 21, 2026 15:00
Jincxz
Jincxz approved these changes Jan 21, 2026
View reviewed changes
Copy link
Contributor

@Jincxz Jincxz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like Dependabot now supports uv.lock scanning. Thoughts on removing requirements.txt?

@Elkasitu
Copy link
Contributor Author

Elkasitu commented Jan 21, 2026

Looks like Dependabot now supports uv.lock scanning. Thoughts on removing requirements.txt?

I was just wondering why we had the two, I'm all for getting rid of it, I can maybe do it as part of this PR. What about container scanning from MP+?

@Jincxz
Copy link
Contributor

Jincxz commented Jan 21, 2026

Looks like Dependabot now supports uv.lock scanning. Thoughts on removing requirements.txt?

I was just wondering why we had the two, I'm all for getting rid of it, I can maybe do it as part of this PR. What about container scanning from MP+?

Not sure how the container scanning works. Perhaps someone with more knowledge from @RedHatProductSecurity/osidb-devs can weigh in?

@Elkasitu
Copy link
Contributor Author

Elkasitu commented Jan 22, 2026

@skontar do you know if MP+ container scanning cares about the format of the dependency manifest? i.e. requirements.txt vs uv.lock?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Jincxz Jincxz Jincxz approved these changes

Assignees

No one assigned

Labels

technical For PRs that introduce changes not worthy of a CHANGELOG entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Elkasitu @Jincxz