Addressing discrepancies in snyk vulnerability reports

[quinnwai]

The current Snky weekly report for the drs_downloader shows known vulnerabilities despite all vulnerability PRs and issues addressed when navigating to the project page. Find the details of the issue and determine if things like duplicate requirements in requirements.txt are causing this issue

original thread

[mbaumann-broad]

Investigation revealed the Snyk integration for drs_downloader had become stale, and was incorrectly reporting issues that had been successfully addressed by previous PRs.

Deleting the previous Snyk integration for drs_downloader and setting-up a new integration showed much more reasonable/expected results. The previous vulnerabilities and been fixed, and there are a few new vulnerabilities, different than before. These can and should be easily fixed.

In any case, I recommend cleaning up duplicate entries in the requirements.txt and requirements-dev.txt files, which currently contain both unqualified and qualified entries for some dependencies.