Skip to content

Upgrade multiple packages for CVE solving #948

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Upgrade multiple packages for CVE solving #948

wants to merge 8 commits into from

Conversation

sobolron
Copy link
Contributor

Description

@sobolron sobolron requested a review from awherr March 18, 2025 21:19
@awherr
Copy link
Contributor

awherr commented Mar 18, 2025

It makes sense what you have done here, but I'm wondering why all the tests are failing during checks?

@sobolron
Copy link
Contributor Author

sobolron commented Mar 19, 2025
edited
Loading

It makes sense what you have done here, but I'm wondering why all the tests are failing during checks?

@awherr 2 Reasons:

  • When you looked was after I updated to latest, which in most libraries doesn't support Python3.8 which we officially still support. So I had to downgrade. If we'll decide to remove support from Python 3.8 it'll be possible to upgrade again.
  • There were some conflicts between types-setuptools and types-pkg_resources which was cause because of deprecated packages usage. This caused Mypy checks to fail. Fixed that by removing types-pkg_resources.

Still waiting for all tests to work now.

@awherr
Copy link
Contributor

awherr commented Mar 19, 2025

It makes sense what you have done here, but I'm wondering why all the tests are failing during checks?

@awherr 2 Reasons:

  • When you looked was after I updated to latest, which in most libraries doesn't support Python3.8 which we officially still support. So I had to downgrade. If we'll decide to remove support from Python 3.8 it'll be possible to upgrade again.
  • There were some conflicts between types-setuptools and types-pkg_resources which was cause because of deprecated packages usage. This caused Mypy checks to fail. Fixed that by removing types-pkg_resources.

Still waiting for all tests to work now.

Thanks for all of your effort on this. Python 3.8 support holding back latest versions makes sense, we need a plan drop support for 3.8 as the CVE situation will only get worse over time. Its really great that you found the Mypy issue.

@awherr
Copy link
Contributor

awherr commented Mar 19, 2025

It looks really promising. The executable tests all pass, though it appears to be hung on the container tests. Not sure if these are normally long-running tasks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@awherr awherr Awaiting requested review from awherr

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sobolron @awherr