Skip to content

chore(ci): fix dependency resolution#5859

Merged
leandrodamascena merged 1 commit into
developfrom
fix-dependencies-v2
Jan 13, 2025
Merged

chore(ci): fix dependency resolution#5859
leandrodamascena merged 1 commit into
developfrom
fix-dependencies-v2

Conversation

@leandrodamascena

@leandrodamascena leandrodamascena commented Jan 13, 2025

Copy link
Copy Markdown
Contributor

Issue number: #5857

Summary

Changes

Some dependencies like boto3 depend on urllib and dependency resolution fails sometimes.

Some other dependencies like aws-requests-auth are bringing in requests as an optional dependency, but they are not pinning the minimum version of requests and are installing requests==0.14.0 which has a potential CVE. Even this does not affect customers, because it is a development dependency, it is important to fix.

User experience

No changes for customer experience.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

Is this a breaking change?

RFC issue number:

Checklist:

  • Migration process documented
  • Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@leandrodamascena leandrodamascena requested a review from a team January 13, 2025 15:58
@boring-cyborg boring-cyborg Bot added the tests label Jan 13, 2025
@pull-request-size pull-request-size Bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jan 13, 2025
@leandrodamascena leandrodamascena linked an issue Jan 13, 2025 that may be closed by this pull request
Maintenance: Fix transitive dependency resolution #5857
Closed
2 tasks
@sonarqubecloud

sonarqubecloud Bot commented Jan 13, 2025

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions github-actions Bot added the internal Maintenance changes label Jan 13, 2025
@leandrodamascena leandrodamascena merged commit 1b81fbf into develop Jan 13, 2025
@leandrodamascena leandrodamascena deleted the fix-dependencies-v2 branch January 13, 2025 16:01
@codecov

codecov Bot commented Jan 13, 2025

Copy link
Copy Markdown

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.17%. Comparing base (2364fb1) to head (a7d8911).
Report is 1 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #5859   +/-   ##
========================================
  Coverage    96.17%   96.17%           
========================================
  Files          232      232           
  Lines        10941    10941           
  Branches      2023     2023           
========================================
  Hits         10522    10522           
  Misses         329      329           
  Partials        90       90

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@anafalcao anafalcao anafalcao approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

internal Maintenance changes size/S Denotes a PR that changes 10-29 lines, ignoring generated files. tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Maintenance: Fix transitive dependency resolution

2 participants

@leandrodamascena @anafalcao