Update dependencies to resolve security alerts #1146
+129
−85
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
StepanBrychta
force-pushed
the
Update-dependencies
branch
12 times, most recently
from
c74b897
to
c0eff43
Compare
StepanBrychta
commented
Oct 3, 2024
| @@ -9,7 +9,7 @@ | |||
|
|
|||
| @pytest.fixture | |||
| def client(): | |||
| with moto.mock_dynamodb2(): | |||
| with moto.mock_aws(): | |||
There was a problem hiding this comment.
The new version of moto has a slightly different interface, so we need to use mock_aws.
StepanBrychta
force-pushed
the
Update-dependencies
branch
from
c0eff43
to
29d7fe3
Compare
StepanBrychta
commented
Oct 3, 2024
| cd scripts && | ||
| /var/lib/buildkite-agent/.local/bin/tox -e py3 | ||
| - cd scripts | ||
| - python3 -m venv venv && source venv/bin/activate |
There was a problem hiding this comment.
Run tests in a virtual environment to prevent this confusing error message about incompatible package versions:
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
requests 2.25.1 requires chardet<5,>=3.0.2, but you have chardet 5.2.0 which is incompatible.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this change?
This should address the following Python security alerts:
end_to_end_bag_test
daily_reporter
scripts/tests
How to test
end_to_end_bag_testanddaily_reporterdo not have any automated tests, so I tested both locally to make sure that the dependency updates do not break any functionality.How can we measure success?
Almost all Python-related security alerts in this repo are addressed. All critical security alerts are addressed.
Have we considered potential risks?
end_to_end_bag_testordaily_reporter, but both of these services were tested locally and appear to function in exactly the same way as before. In the future, we should consider adding unit tests to make dependency updates easier.scripts/testsonly include test dependencies, so there is no risk of these changes breaking any production code.