Replace outdated dependency with security flags #305

Open
wants to merge 5 commits into
base: main

shcheklein

pytest-celery raises security scan alert (e.g. https://github.com/iterative/dvc-task/actions/runs/8883067284/job/24389104408?pr=128)

It depends on the retry lib, which itself depends (for no good reason) on py, which is flagged for security and is outdated:

invl/retry#58
invl/retry#60

It seems it's not maintained (last release / update is ~8 years ago).

A replacement is funcy - lightweight (no dependencies AFAIK), license is good, maintained. We have been using it in DVC.org for a while.
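
Added example, not part of the original PR or the pytest-celery code base: a standard-library sketch that traces which dependency chains lead from a package to a flagged one, the kind of check that explains a scan alert like the one described above. The helper names and the `SAMPLE` graph are constructed for illustration; `installed_graph()` reads the real environment through `importlib.metadata`.

```python
import re
from importlib import metadata

def norm(name):
    """PEP 503 name normalization so 'Py', 'py' and 'P.y' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def req_name(requirement):
    """Return the normalized project name of a requirement string, or None
    when the requirement only applies to an optional extra."""
    if re.search(r";.*\bextra\s*==", requirement):
        return None
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", requirement)
    return norm(m.group(1)) if m else None

def installed_graph():
    """Build {package: {direct dependencies}} from the current environment."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name:
            deps = {req_name(r) for r in (dist.requires or [])}
            graph[norm(name)] = deps - {None}
    return graph

def paths_to(graph, root, flagged):
    """Every dependency chain from root to flagged (depth-first, cycle-safe)."""
    root, flagged = norm(root), norm(flagged)
    found, stack = [], [[root]]
    while stack:
        path = stack.pop()
        for dep in sorted(graph.get(path[-1], ())):
            if dep == flagged:
                found.append(path + [dep])
            elif dep not in path:
                stack.append(path + [dep])
    return sorted(found)

# Constructed sample graph mirroring the chain described in the PR (assumption).
SAMPLE = {
    "pytest-celery": {"celery", "retry"},
    "retry": {"decorator", "py"},
    "celery": {"kombu"},
}

if __name__ == "__main__":
    for chain in paths_to(installed_graph(), "pytest-celery", "py"):
        print(" -> ".join(chain))
```

An empty result for the flagged package after a dependency swap confirms that no remaining chain pulls it in.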


codecov bot commented Apr 30, 2024

Codecov Report

Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Project coverage is 25.27%. Comparing base (ed8616f) to head (3ab2185).

| Files | Patch % | Lines |
| --- | --- | --- |
| src/pytest_celery/api/container.py | 0.00% | 2 Missing ⚠️ |
Additional details and impacted files
@@           Coverage Diff           @@
##             main     #305   +/-   ##
=======================================
  Coverage   25.27%   25.27%           
=======================================
  Files          37       37           
  Lines        1187     1187           
  Branches      235      235           
=======================================
  Hits          300      300           
  Misses        859      859           
  Partials       28       28           


@shcheklein
Author

hey @Nusnus, thanks for running the pipeline for this 🙏 . Let me know if you need anything here or is it good to go as is.

@Nusnus
Member

Nusnus commented Apr 30, 2024

> hey @Nusnus, thanks for running the pipeline for this 🙏 . Let me know if you need anything here or is it good to go as is.

Thanks for the PR!
I have a very busy week and many PRs to review, but I will sure get to everything as soon as I can.

I’ll let you know if anything else is needed, thank you!
