Merged
Conversation
Upgrade from alpine3.22 to alpine3.23 and librdkafka from 2.10.0 to 2.12.1 to resolve Docker Scout "unapproved base image" finding ahead of customer container security scan. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ci: bump base images to alpine3.23 for container security scan See merge request dkinternal/observability/dataops-observability!72
Remove curl/libcurl from runtime image (unused), bump Python 3.12 to 3.13 to resolve CPE CVEs, and upgrade confluent-kafka, msgpack, and peewee for 3.13 compatibility. OBS-1999 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ise' ci: harden container images and bump Python to 3.13 See merge request dkinternal/observability/dataops-observability!73
lxml 4.9.x has no wheels for Python 3.13 and fails to build from source without libxml2-dev. Bumped to 5.3.0 which ships 3.13 wheels. This is a dev-only dependency with zero imports in the codebase. OBS-1999 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ise' ci: bump pipeline image to Python 3.13 / alpine3.23 (v9) See merge request dkinternal/observability/dataops-observability!74
mypy with python_version=3.13 is stricter about some type inferences. Fix 4 errors: - base_view.py: annotate request_body to handle flask's Any return - jwt_plugin.py: narrow default_jwt_options from dict[str, object] to dict[str, bool] to match PyJWT's Options type - project_settings.py: remove redundant cast, add type ignore for Schema.from_dict's Field | type argument OBS-1999 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ise' fix: resolve mypy errors under Python 3.13 target See merge request dkinternal/observability/dataops-observability!75
Upgrade libcurl 8.17.0-r1 → 8.19.0-r0 and busybox 1.37.0-r30 → 1.37.0-r31 from Alpine edge repository. libcurl cannot be removed as librdkafka depends on it; upgrading resolves all 13 OS package findings (1 HIGH, 11 MEDIUM, 1 LOW) from the customer's second Wiz security scan. Ref: OBS-2001 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: upgrade libcurl and busybox from Alpine edge to fix Wiz scan CVEs See merge request dkinternal/observability/dataops-observability!76
The chart default PYTHONPATH still pointed to python3.12 site-packages. Deployments using --reuse-values kept the old value, causing cli-job hooks to fail with ModuleNotFoundError. OBS-1999 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: update Helm chart pythonpath to Python 3.13 See merge request dkinternal/observability/dataops-observability!77
datakitchen-devops
approved these changes
Apr 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bug Fixes