upgrade cryptography python package #4540
/test integration
/test notebooks
/test integration
python/setup.py
Outdated
@@ -27,7 +27,7 @@ | |||
"requests<3.0.0", | |||
"numpy<2.0.0", | |||
"flatbuffers<2.0.0", | |||
"protobuf<4.0.0", | |||
"protobuf==3.20.3", |
That will put hard constraint on protobuf version in the user environment causing potential conflicts with other packages.
Are both the change in the protobuf version and the change in importlib_metadata required? I tried locally without those and seems the main Python tests are happy (haven't tried with anything else though).
I just had a look at the changes and noticed that the Python build image is still on Python 3.7 - so perhaps there's no need to change the Python version?
Just like to throw my hat in the ring here--this vulnerability is causing issues for us (I won't get into why, you'd have a novella to read lol), is there anything I can do to help push this along? Thanks!
After having a deeper look, I think @cliveseldon you were 100% right on adding the extra dep changes. It seems something to do with @RafalSkolasinski if you can have a look at the latest changes, it would be great to get your thumbs up.
Looks good - shall we fire integration & notebook tests?
/test integration
/test notebooks
/retest
@cliveseldon: The following test failed, say
Just had a look at the notebook tests, and they seem to fail because of an issue not related to this PR (which should get fixed in #4691), so I'll go ahead and merge this one.
@cliveseldon @adriangonz any chance this would be part of a 1.14.2 release?
Hey @mwm5945, We don't have plans atm to backport the fix to
@adriangonz potentially, though a 1.14 release would be preferred (people get anxious with package upgrades haha). Is there a large difference between 14 and 15?
Co-authored-by: Adrian Gonzalez-Martin <agm@seldon.io>
Update cryptography version range
By itself causes build to fail. So need to add a set of further updates:
Python builder updates:
It's unclear to me if a subset of these could be achievable. Seems centred on proto compile in Python 3.8.