Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade dependencies #9892

Closed
bmw opened this issue Feb 7, 2024 · 0 comments · Fixed by #9893
Closed

upgrade dependencies #9892

bmw opened this issue Feb 7, 2024 · 0 comments · Fixed by #9893
Labels
priority: high Issues that should be included in the current milestone if at all possible.

Comments

@bmw
Copy link
Member

bmw commented Feb 7, 2024

It's probably fine, but we may want to upgrade dependencies to fix https://github.com/certbot/certbot/security/dependabot. My personal feeling is it's always better to just upgrade than to try and convince ourselves the problems don't affect us.

Repinning things is easy enough, but then we hit problems trying to build cryptography in our docker images. OK! To fix that I upgraded our base docker image to a newer one like we've done before in PRs like #9415.

Unfortunately, with this change cryptography takes (maybe literally) forever to build. (Looking at previous successful nightly builds, that job normally only takes about an hour.)

I tried upgrading things a little less aggressively at https://dev.azure.com/certbot/certbot/_build/results?buildId=7464&view=results. We'll see what happens 🤞
@bmw bmw added the priority: high Issues that should be included in the current milestone if at all possible. label Feb 7, 2024
@bmw bmw mentioned this issue Feb 8, 2024
Merged
@bmw bmw closed this as completed in #9893 Feb 8, 2024
bmw added a commit that referenced this issue Feb 8, 2024
@bmw
update dependencies (#9893)
b8b759f 
Fixes #9892 and https://github.com/certbot/certbot/security/dependabot

Upgrading the base docker image has been done in previous PRs like #9415. Doing this was needed because the [newer versions of `cryptography` need a newer version of rust](https://dev.azure.com/certbot/certbot/_build/results?buildId=7451&view=logs&j=fdd3565a-f3c6-5154-eca9-9ae03666f7bd&t=5dbd9851-46a4-524f-73a8-4028241afcde&l=475).

I ran the full test suite on this branch which you can see in the GitHub status checks below. The boulder tests should fail as they're to be fixed by #9889 but everything else should pass.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: high Issues that should be included in the current milestone if at all possible.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update dependencies certbot/certbot
1 participant
@bmw