-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update idna
package to 3.7
#417
Conversation
This mitigates [GHSA-jjg7-2v4v-x38h](GHSA-jjg7-2v4v-x38h) vulnerability.
@@ -188,7 +188,7 @@ httpx==0.23.1 | |||
# shared | |||
identify==2.5.30 | |||
# via pre-commit | |||
idna==2.10 | |||
idna==3.7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know if the next time someone runs pip-compile, if this will regress to 2.10? Or once 3.7, it will persist?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Confirmed this wouldn't be the case
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found Additional details and impacted files@@ Coverage Diff @@
## main #417 +/- ##
=======================================
Coverage 97.44% 97.44%
=======================================
Files 395 395
Lines 33426 33426
=======================================
Hits 32572 32572
Misses 854 854
Flags with carried forward coverage won't be shown. Click here to find out more.
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found @@ Coverage Diff @@
## main #417 +/- ##
=======================================
Coverage 97.44% 97.44%
=======================================
Files 395 395
Lines 33426 33426
=======================================
Hits 32572 32572
Misses 854 854
Flags with carried forward coverage won't be shown. Click here to find out more.
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found Additional details and impacted files@@ Coverage Diff @@
## main #417 +/- ##
=======================================
Coverage 97.47% 97.47%
=======================================
Files 426 426
Lines 34117 34117
=======================================
Hits 33254 33254
Misses 863 863
Flags with carried forward coverage won't be shown. Click here to find out more.
This change has been scanned for critical changes. Learn more |
This mitigates GHSA-jjg7-2v4v-x38h vulnerability.
I ran
pip-compile --upgrade-package idna
to generate this. The dependencies also don't pin the exact version, and 3.7 is within the ranges of downstream dependencies.Link to ticket: https://github.com/codecov/internal-issues/issues/412
Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.