safety: update to 3.x and make two CVEs just a warning

Review new dependencies for unsolved CVEs so we know what we are getting into before merging new dependencies.

Edited by Hans-Christoph Steiner
