loosen dependency versions #143
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Result of Pytest Coverage---------- coverage: platform linux, python 3.10.14-final-0 ----------
~ 67 passed in 16.73s ~ |
-> Vulnerability found in black version 22.12.0 Vulnerability ID: 66742 Affected spec: <24.3.0 ADVISORY: Black before 24.3.0 have a security vulnerability where specific code formatting patterns could lead to arbitrary code execution. This issue arises from the unsafe handling of AST nodes, potentially allowing an attacker to execute code when Black formats a maliciously crafted Python file. psf/black@f000936 CVE-2024-21503 For more information, please visit https://data.safetycli.com/v/66742/f17 Scan was completed. 1 vulnerability was found. 1 vulnerability from 1 package was ignored.
Files are reformatted due to black upgrading.
ddl-joyce-zhao
commented
Apr 17, 2024
| bson = "^0.5.10" | ||
| urllib3 = "^1.26.16" | ||
|
|
||
| [tool.poetry.group.dev.dependencies] | ||
| Sphinx = "^5.3.0" | ||
| bandit = "^1.7.5" | ||
| black = {version = "^22.12.0", allow-prereleases = true} | ||
| black = {version = "^24.3.0", allow-prereleases = true} |
There was a problem hiding this comment.
Upgraded to remove the vulnerability CVE-2024-21503
ddl-joyce-zhao
commented
Apr 17, 2024
| attrs = ">=20.1.0" | ||
| python-dateutil = "^2.8.0" | ||
| pyarrow = "^14.0.2" | ||
| loguru = "^0.5.3" | ||
| backoff = "^1.11.1" | ||
| backoff = ">=1.11.1" |
There was a problem hiding this comment.
upgraded to handle the conflicts with cohere==4.0 https://dominodatalab.atlassian.net/browse/DOM-56097
ddl-joyce-zhao
commented
Apr 17, 2024
| @@ -42,20 +42,20 @@ classifiers = [ #! Update me | |||
|
|
|||
| [tool.poetry.dependencies] | |||
| python = "^3.8" | |||
| pandas = "^1.3.0" | |||
| httpx = "^0.23.0" | |||
| pandas = ">=1.3.0" | |||
There was a problem hiding this comment.
upgraded as per the users' request
ddl-joyce-zhao
commented
Apr 17, 2024
| pandas = "^1.3.0" | ||
| httpx = "^0.23.0" | ||
| pandas = ">=1.3.0" | ||
| httpx = ">=0.23.0" |
There was a problem hiding this comment.
upgraded to handle the conflicts with cohere==4.0 https://dominodatalab.atlassian.net/browse/DOM-56097
ddl-joyce-zhao
commented
Apr 17, 2024
| @@ -1,2 +1,3 @@ | |||
| """ A client library for accessing Datasource API """ | |||
|
|
|||
There was a problem hiding this comment.
The files are reformatted after black is upgraded.
ddl-gabrielhaim
approved these changes
Apr 19, 2024
ddl-joyce-zhao
commented
Apr 19, 2024
| @@ -35,13 +35,14 @@ classifiers = [ #! Update me | |||
| "Topic :: Software Development :: Libraries :: Python Modules", | |||
| "License :: OSI Approved :: Apache Software License", | |||
| "Programming Language :: Python :: 3", | |||
| "Programming Language :: Python :: 3.8", | |||
There was a problem hiding this comment.
Dropped Python 3.8 cause it's dropped in the latest Feast. We need to the latest Feast for Pandas 2 compatibility. Also the Python 3.8 security support ends in 6 month(Oct 2024).
https://endoflife.date/python
ddl-joyce-zhao
deleted the
ddl-joyce-zhao.DOM-55190.loosen-dependency-version
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Loosen several dependency libraries' versions.
Related Issue
https://dominodatalab.atlassian.net/browse/DOM-55190
Type of Change
Checklist
CONTRIBUTING.mdguide.make codestyle.