Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security updates #6531

Merged
merged 51 commits into from
Jul 1, 2024
Merged

Security updates #6531

merged 51 commits into from
Jul 1, 2024

Conversation

piiq
Copy link
Contributor

@piiq piiq commented Jun 21, 2024

  • Drop support for python 3.8
  • Bump scikit-learn, and urllib3 to patched versions
  • Bump ws and braces to patched versions on website and frontend-components
  • Bump devtools

@piiq piiq added the security label Jun 21, 2024
@piiq piiq self-assigned this Jun 21, 2024
@github-actions github-actions bot added bug Fix bug platform OpenBB Platform v4 PRs for v4 labels Jun 21, 2024
@piiq
Copy link
Contributor Author

piiq commented Jun 21, 2024

There is a problem with openbb-devtools. It brings in vcrpy that has a pin of urllib3 that doesn't seem to work nicely with poetry

@piiq
Copy link
Contributor Author

piiq commented Jun 22, 2024

There is a problem with openbb-devtools. It brings in vcrpy that has a pin of urllib3 that doesn't seem to work nicely with poetry

resolved. vcrpy works fine with later urllib3 on python 3.10. i've bumped the deps in a way our dev install script allows solving the env for 3.9

@deeleeramone
Copy link
Contributor

deeleeramone commented Jun 22, 2024
edited
Loading

I think the charting extension, and a couple of others, are missing the .toml file. If you want the front end components to be updated, the compiled HTML files need to be generated and replaced.

@piiq piiq added the P0 label Jun 24, 2024
@piiq
Copy link
Contributor Author

piiq commented Jun 24, 2024

need to bump Finviz to 1.0.0 in this security update. the package has been released last week and Python 3.8 support has been dropped. package is finvizfinance

piiq and others added 4 commits June 24, 2024 20:56
@piiq @deeleeramone
Resolve bugs highlighted by the tests (#6538)
62bcda0 
* Fix FMP currency snapshot model after a security update

* fixes

* add to the commit

* lint

---------

Co-authored-by: Danglewood <85772166+deeleeramone@users.noreply.github.com>
@deeleeramone
merge conflicts
1c4ce35
@piiq
Bump finviz
e2ef0ba
@piiq
Remove website folder that was added by merge conflict resolution
98ec797
@deeleeramone
Copy link
Contributor

deeleeramone commented Jun 28, 2024
edited
Loading

Never mind that, static assets needed to be rebuilt.

I'm getting lots of failures with the integration tests. The entire econometrics and technical modules fail.

Pytest completely freezes at this point: openbb_platform/extensions/tests/test_docstring_examples.py

@deeleeramone
Copy link
Contributor

@piiq, are we enabling 3.12 support in this PR? I'm still being blocked by the project's requirements.

@piiq
Copy link
Contributor Author

piiq commented Jul 1, 2024

are we enabling 3.12 support in this PR?

yes

@piiq piiq removed the request for review from deeleeramone July 1, 2024 09:06
@montezdesousa montezdesousa added this pull request to the merge queue Jul 1, 2024
Merged via the queue into develop with commit c63b3c8 Jul 1, 2024
12 checks passed
@IgorWounds IgorWounds deleted the bugfix/security-updates branch July 1, 2024 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deeleeramone deeleeramone deeleeramone left review comments

@IgorWounds IgorWounds IgorWounds approved these changes

Assignees

@piiq piiq

Labels
bug Fix bug excel P0 platform OpenBB Platform security v4 PRs for v4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@piiq @deeleeramone @IgorWounds @montezdesousa @hjoaquim