Fix Dependabot alert on python-dotenv for N2T and Resolver

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback #34

https://github.com/CDLUC3/N2T/security/dependabot/34

Upgrade python-dotenv to fix [1 Dependabot alert](https://github.com/CDLUC3/N2T/security/dependabot?q=is%3Aopen+package%3Apython-dotenv+manifest%3Arequirements.txt+has%3Apatch) in [requirements.txt](https://github.com/CDLUC3/N2T/blob/-/requirements.txt)
Upgrade python-dotenv to version 1.2.2 or later.

- [ ] Resolver - https://github.com/CDLUC3/resolver
- [ ] N2T- https://github.com/CDLUC3/N2T
- [ ] ARKs - https://github.com/CDLUC3/arksorg-site

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Dependabot alert on python-dotenv for N2T and Resolver #1010

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Fix Dependabot alert on python-dotenv for N2T and Resolver #1010

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions