Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop python36 and security updates #11052

Merged
merged 2 commits into from
Apr 5, 2022
Merged

Drop python36 and security updates #11052

merged 2 commits into from
Apr 5, 2022

Conversation

joejuzl
Copy link
Contributor

@joejuzl joejuzl commented Apr 4, 2022

@joejuzl joejuzl requested a review from losterloh April 4, 2022 08:30
losterloh
losterloh approved these changes Apr 4, 2022
View reviewed changes
Copy link
Contributor

@losterloh losterloh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything good with the PR in itself, but before merging this we should answer the open questions around how we exactly want to release this.

@joejuzl joejuzl changed the title Sb 66 patch critical vulnerabilities in tensorflow pillow and redis on 2 8 x branch Drop python36 and security updates Apr 4, 2022
@tmbo
Copy link
Member

tmbo commented Apr 4, 2022

the pr doesn't include updates for tf / pillow - are they in a separate pr or am i missing something?

@joejuzl
Copy link
Contributor Author

joejuzl commented Apr 4, 2022

@tmbo
Pillow is only a transitive dependency, but you can see that in the poetry.lock it is now version 9.0.1.
Tensorflow I left as ~2.6.2 in pyproject.toml as that version range does work for Rasa - and in the poetry.lock it is now 2.6.3. But could also explicitly up the range in the pyproject.toml too?

@tmbo
Copy link
Member

tmbo commented Apr 4, 2022

ah yes that makes sense, sorry I missed that 👍

@m-vdb
Copy link
Collaborator

m-vdb commented Apr 4, 2022

@joejuzl @losterloh are we confident that the redis major version changes is sufficiently tested with our functional / integration tests or do we need to do a manual QA step?

@losterloh
Copy link
Contributor

@m-vdb I don't think I can answer that question with my current level of knowledge, I'd need to invest some time to look at the integration test suite for that. (Of course, happy to do that if this is now a high priority).

@m-vdb
Copy link
Collaborator

m-vdb commented Apr 4, 2022

sounds good @losterloh -- I don't expect you to get this answer since you just joined Atom last week. I've taken the habit of @-mentioning you and Joe 😅

@joejuzl
Copy link
Contributor Author

joejuzl commented Apr 5, 2022

@m-vdb the integration tests only test redis with the lock store, so I would say to be safe a QA pass makes sense.

@joejuzl joejuzl merged commit 057b171 into 2.8.x Apr 5, 2022
@joejuzl joejuzl deleted the SB-66-patch-critical-vulnerabilities-in-tensorflow-pillow-and-redis-on-2-8-x-branch branch April 5, 2022 09:32
@virtualroot virtualroot mentioned this pull request Apr 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@losterloh losterloh losterloh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@joejuzl @tmbo @m-vdb @losterloh