I think these are false positives as we don't use all those .lock files -but we should check & potentially do a housekeeping update
https://github.com/wikimedia/wikimedia-fundraising-crm-vendor/security/dependabot
Description
Description
Event Timeline
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 24 2022, 10:05 PM2022-10-24 22:05:13 (UTC+0)
XenoRyet moved this task from Triage to Current Sprint on the Fundraising-Backlog board.Oct 25 2022, 8:11 PM2022-10-25 20:11:32 (UTC+0)
Comment Actions
Reviewed! All of these are in composer.lock files in subdirectories (and in one case a package.lock version in a subdirectory). We have updated versions of the PHP libraries at the top level.
Ejegg moved this task from Backlog to Done on the Fundraising Sprint Turtles that are robotic that destroy the whole world with their foot theory board.Nov 1 2022, 7:32 PM2022-11-01 19:32:29 (UTC+0)
Dwisehaupt removed a project: Fundraising Sprint Turtles that are robotic that destroy the whole world with their foot theory.Nov 1 2022, 8:11 PM2022-11-01 20:11:44 (UTC+0)
Dwisehaupt moved this task from Backlog to Completed 20221025 - 20221107 on the Fundraising Tech - Chaos Crew board.
Dwisehaupt set Final Story Points to 1.