leandrodamascena
Contributor

Issue number: #5857

Summary

Changes

Some dependencies like boto3 depend on urllib and dependency resolution fails sometimes.

Some other dependencies like aws-requests-auth are bringing in requests as an optional dependency, but they are not pinning the minimum version of requests and are installing requests==0.14.0, which has a potential CVE. Even though this does not affect customers, because it is a development dependency, it is important to fix.

User experience

No changes for customer experience.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

Is this a breaking change?

RFC issue number:

Checklist:

  • Migration process documented
  • Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.
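
A CI check for the failure mode described in the summary, as an added example that is not part of this pull request or the project's code: it flags a resolved `requests` below a floor and any dependent that declares `requests` with no lower bound. The floor `2.0.0`, the `example-lib` package and the sample pins are constructed for illustration, and version comparison handles plain numeric releases only.

```python
import re

# Constructed policy: minimum acceptable versions (hypothetical values).
FLOORS = {"requests": "2.0.0"}

# Constructed sample input mirroring the situation in the summary.
SAMPLE_RESOLVED = ["requests==0.14.0", "example-lib==1.2.3"]
SAMPLE_DECLARED = {
    "aws-requests-auth": ["requests"],       # no lower bound declared
    "example-lib": ["requests>=2.31"],       # hypothetical, bounded
}

def vtuple(version):
    """Turn a plain release version like '0.14.0' into (0, 14, 0)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def has_lower_bound(requirement):
    """True if a requirement string sets a minimum (>=, >, == or ~=)."""
    return re.search(r"(>=|>|==|~=)\s*\d", requirement) is not None

def audit(resolved_lines, declared):
    """Return (below_floor, unbounded).

    resolved_lines: 'name==version' pins, as in a lock file or pip freeze.
    declared: {dependent: [requirement strings that dependent declares]}.
    """
    below, unbounded = [], []
    for line in resolved_lines:
        name, _, version = line.strip().partition("==")
        floor = FLOORS.get(name.lower())
        if floor and vtuple(version) < vtuple(floor):
            below.append((name, version, floor))
    for dependent, reqs in declared.items():
        for req in reqs:
            name = re.match(r"[A-Za-z0-9._-]+", req).group(0).lower()
            if name in FLOORS and not has_lower_bound(req):
                unbounded.append((dependent, req))
    return below, unbounded

if __name__ == "__main__":
    below, unbounded = audit(SAMPLE_RESOLVED, SAMPLE_DECLARED)
    for name, version, floor in below:
        print(f"FAIL {name}=={version} is below floor {floor}")
    for dependent, req in unbounded:
        print(f"WARN {dependent} declares '{req}' with no lower bound")
    raise SystemExit(1 if below else 0)
```

Declaring the floor as a direct constraint in the project's own development dependencies stops the resolver from falling back to an old release when a transitive requirement is unbounded.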

@leandrodamascena leandrodamascena requested a review from a team January 13, 2025 12:34
@boring-cyborg boring-cyborg bot added the dependencies, documentation and internal labels Jan 13, 2025
@pull-request-size pull-request-size bot added the size/XS label Jan 13, 2025
@github-actions github-actions bot removed the documentation label Jan 13, 2025
@boring-cyborg boring-cyborg bot added the documentation and github-actions labels Jan 13, 2025
@pull-request-size pull-request-size bot added the size/S label and removed the size/XS label Jan 13, 2025
@github-actions github-actions bot removed the documentation label Jan 13, 2025
@codecov

codecov bot commented Jan 13, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.17%. Comparing base (0fe4ab7) to head (fbc0cc3).
Report is 1 commits behind head on develop.

Additional details and impacted files
@@           Coverage Diff            @@
##           develop    #5858   +/-   ##
========================================
  Coverage    96.17%   96.17%           
========================================
  Files          232      232           
  Lines        10941    10941           
  Branches      2023     2023           
========================================
  Hits         10522    10522           
  Misses         329      329           
  Partials        90       90           

@leandrodamascena leandrodamascena linked an issue Jan 13, 2025 that may be closed by this pull request
2 tasks
@leandrodamascena leandrodamascena merged commit 2364fb1 into develop Jan 13, 2025
22 checks passed
@leandrodamascena leandrodamascena deleted the fix-dependencies branch January 13, 2025 15:14
Labels

  • dependencies: Pull requests that update a dependency file
  • github-actions: Pull requests that update Github_actions code
  • internal: Maintenance changes
  • size/S: Denotes a PR that changes 10-29 lines, ignoring generated files.

Development

Successfully merging this pull request may close these issues.

Maintenance: Fix transitive dependency resolution