-
Notifications
You must be signed in to change notification settings - Fork 279
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump requests from 2.29.0 to 2.32.0 in /lambda #1301
base: main
Are you sure you want to change the base?
Conversation
Bumps [requests](https://github.com/psf/requests) from 2.29.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.29.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Last time I considered doing something like this I think @partouf you suggested it might break things? I forget 😊 If it's ok though I'll merge then build/update the lambda. Or do the lambada? |
no definitely dont merge, this will break lambda's, unless aws has updated their environment |
Got it; thanks. I'll google about and see if I can prove out how to tell if this is OK now |
So the reason is that requests 2.30 uses urllib3, which in turn changes some SSL stuff. This is one of the possible errors, but we got a different one back when I was testing it: |
Looking at aws/aws-lambda-base-images#118 and https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html to see if maybe we can use newer python version environments to solve this |
"Python 3.12" uses "Amazon Linux 2023" instead of "Amazon Linux 2" Uses openssl 3 by default instead of v1 So that might work |
https://pypi.org/project/requests/#history Latest is 2.32.3 |
Bumps requests from 2.29.0 to 2.31.0.
Release notes
Sourced from requests's releases.
Changelog
Sourced from requests's changelog.
Commits
147c851
v2.31.074ea7cf
Merge pull request from GHSA-j8r2-6x86-q33q3022253
test on pypy 3.8 and pypy 3.9 on windows and macos (#6424)b639e66
test on py3.12 (#6448)d3d5044
Fixed a small typo (#6452)2ad18e0
v2.30.0f2629e9
Remove strict parameter (#6434)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.