darthmon_wmde added a comment.
Hey @sbassett, heads up: I am accepting the risk and we programmed the deploy to production. We have already fixed <https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/618319> some of the dev dependencies - by yesterday there were no high vulnerabilities, only low ones.

You mentioned that we need to commit to a risk plan to review the vulnerable dependencies, e.g. in the next 30 days. From talking to the team, the issue here is rather a continuous one than a milestone, meaning that this is a moving target and we need a process to periodically check and fix the dependencies of our projects. (To this aim we could really benefit from https://phabricator.wikimedia.org/T228527.)

With all this in mind, could you please specify the kind of commitment that you expect from me? Thanks a lot in advance!

TASK DETAIL https://phabricator.wikimedia.org/T249039
_______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
