[DOM-38846] - Bump apache-airflow from 1.10.15 to 2.2.4 #134

Merged
merged 3 commits into from
Jun 24, 2022

@dependabot dependabot bot commented on behalf of github Jun 15, 2022

Link to JIRA

https://dominodatalab.atlassian.net/browse/DOM-38846

What issue does this pull request solve?

Airflow 1.10.15 uses datatable 1.10.22, where a prototype vulnerability was detected, which would allow injections in the Airflow scheduler and the underlying database.

What is the solution?

Upgrade to airflow 2.2.4 in which this vulnerability is resolved.
Updated and realigned other airflow dependencies with conflicted versions.

Testing

  • Unit test(s)

Pull Request Reminders

References

Bumps apache-airflow from 1.10.15 to 2.2.4.

Release notes

Sourced from apache-airflow's releases.

Apache Airflow 2.2.4

Bug Fixes

  • Adding missing login provider related methods from Flask-Appbuilder (#21294)
  • Fix slow DAG deletion due to missing dag_id index for job table (#20282)
  • Add a session backend to store session data in the database (#21478)
  • Show task status only for running dags or only for the last finished dag (#21352)
  • Use compat data interval shim in log handlers (#21289)
  • Fix mismatch in generated run_id and logical date of DAG run (#18707)
  • Fix TriggerDagRunOperator extra link (#19410)
  • Add possibility to create user in the Remote User mode (#19963)
  • Avoid deadlock when rescheduling task (#21362)
  • Fix the incorrect scheduling time for the first run of dag (#21011)
  • Fix Scheduler crash when executing task instances of missing DAG (#20349)
  • Deferred tasks does not cancel when DAG is marked fail (#20649)
  • Removed duplicated dag_run join in Dag.get_task_instances() (#20591)
  • Avoid unintentional data loss when deleting DAGs (#20758)
  • Fix session usage in /rendered-k8s view (#21006)
  • Fix airflow dags backfill --reset-dagruns errors when run twice (#21062)
  • Do not set TaskInstance.max_tries in refresh_from_task (#21018)
  • Don't require dag_id in body in dagrun REST API endpoint (#21024)
  • Add Roles from Azure OAUTH Response in internal Security Manager (#20707)
  • Allow Viewing DagRuns and TIs if a user has DAG "read" perms (#20663)
  • Fix running airflow dags test <dag_id> <execution_dt> results in error when run twice (#21031)
  • Switch to non-vendored latest connexion library (#20910)
  • Bump flask-appbuilder to >=3.3.4 (#20628)
  • upgrade celery to 5.2.3 (#19703)
  • Bump croniter from <1.1 to <1.2 (#20489)
  • Lift off upper bound for MarkupSafe (#20113)
  • Avoid calling DAG.following_schedule() for TaskInstance.get_template_context() (#20486)
  • Fix(standalone): Remove hardcoded Webserver port (#20429)
  • Remove unnecessary logging in experimental API (#20356)
  • Un-ignore DeprecationWarning (#20322)
  • Deepcopying Kubernetes Secrets attributes causing issues (#20318)
  • Fix(dag-dependencies): fix arrow styling (#20303)
  • Adds retry on taskinstance retrieval lock (#20030)
  • Correctly send timing metrics when using dogstatsd (fix schedule_delay metric) (#19973)
  • Enhance multiple_outputs inference of dict typing (#19608)
  • Fixing ses email backend (#18042)
  • Pin Markupsafe until we are able to upgrade Flask/Jinja (#21664)

Doc only changes

  • Added explaining concept of logical date in DAG run docs (#21433)
  • Add note about Variable precedence with env vars (#21568)
  • Update error docs to include before_send option (#21275)
  • Augment xcom docs (#20755)
  • Add documentation and release policy on "latest" constraints (#21093)
  • Add a link to the DAG model in the Python API reference (#21060)
  • Added an enum param example (#20841)

... (truncated)

Changelog

Sourced from apache-airflow's changelog.

Airflow 2.2.4, (2022-02-22)

Significant Changes

Smart sensors deprecated

Smart sensors, an "early access" feature added in Airflow 2, are now deprecated and will be removed in Airflow 2.4.0. They have been superseded by Deferrable Operators, added in Airflow 2.2.0.

See Migrating to Deferrable Operators (https://airflow.apache.org/docs/apache-airflow/2.2.4/concepts/smart-sensors.html#migrating-to-deferrable-operators) for details on how to migrate.

Bug Fixes

  • Adding missing login provider related methods from Flask-Appbuilder (#21294)
  • Fix slow DAG deletion due to missing dag_id index for job table (#20282)
  • Add a session backend to store session data in the database (#21478)
  • Show task status only for running dags or only for the last finished dag (#21352)
  • Use compat data interval shim in log handlers (#21289)
  • Fix mismatch in generated run_id and logical date of DAG run (#18707)
  • Fix TriggerDagRunOperator extra link (#19410)
  • Add possibility to create user in the Remote User mode (#19963)
  • Avoid deadlock when rescheduling task (#21362)
  • Fix the incorrect scheduling time for the first run of dag (#21011)
  • Fix Scheduler crash when executing task instances of missing DAG (#20349)
  • Deferred tasks does not cancel when DAG is marked fail (#20649)
  • Removed duplicated dag_run join in Dag.get_task_instances() (#20591)
  • Avoid unintentional data loss when deleting DAGs (#20758)
  • Fix session usage in /rendered-k8s view (#21006)
  • Fix airflow dags backfill --reset-dagruns errors when run twice (#21062)
  • Do not set TaskInstance.max_tries in refresh_from_task (#21018)
  • Don't require dag_id in body in dagrun REST API endpoint (#21024)
  • Add Roles from Azure OAUTH Response in internal Security Manager (#20707)
  • Allow Viewing DagRuns and TIs if a user has DAG "read" perms (#20663)
  • Fix running airflow dags test <dag_id> <execution_dt> results in error when run twice (#21031)
  • Switch to non-vendored latest connexion library (#20910)
  • Bump flask-appbuilder to >=3.3.4 (#20628)
  • upgrade celery to 5.2.3 (#19703)
  • Bump croniter from <1.1 to <1.2 (#20489)
  • Avoid calling DAG.following_schedule() for TaskInstance.get_template_context() (#20486)
  • Fix(standalone): Remove hardcoded Webserver port (#20429)
  • Remove unnecessary logging in experimental API (#20356)
  • Un-ignore DeprecationWarning (#20322)
  • Deepcopying Kubernetes Secrets attributes causing issues (#20318)
  • Fix(dag-dependencies): fix arrow styling (#20303)
  • Adds retry on taskinstance retrieval lock (#20030)
  • Correctly send timing metrics when using dogstatsd (fix schedule_delay metric) (#19973)
  • Enhance multiple_outputs inference of dict typing (#19608)

... (truncated)

Commits
  • ee9049c fixup! Add changelog for 2.2.4rc1
  • 01b909b Pin Markupsafe until we are able to upgrade Flask/Jinja (#21664)
  • eb87aeb Add changelog for 2.2.4rc1
  • 969a275 Clarify pendulum use in timezone cases (#21646)
  • 56d82fc added explaining concept of logical date in DAG run docs (#21433)
  • 8cbf934 Adding missing login provider related methods from Flask-Appbuilder (#21294)
  • 7e80127 Add note about Variable precedence with env vars (#21568)
  • 1cbad37 Reorder migrations to include bugfix in 2.2.4 (#21598)
  • 436f452 Fix slow DAG deletion due to missing dag_id index for job table (#20282)
  • dd0a3a3 update tutorial_etl_dag notes (#21503)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [apache-airflow](https://github.com/apache/airflow) from 1.10.15 to 2.2.4.
- [Release notes](https://github.com/apache/airflow/releases)
- [Changelog](https://github.com/apache/airflow/blob/main/RELEASE_NOTES.rst)
- [Commits](apache/airflow@1.10.15...2.2.4)

---
updated-dependencies:
- dependency-name: apache-airflow
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team June 15, 2022 18:32
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 15, 2022
@ddl-olsonJD ddl-olsonJD changed the title Bump apache-airflow from 1.10.15 to 2.2.4 [DOM-38846] - Bump apache-airflow from 1.10.15 to 2.2.4 Jun 17, 2022
@ddl-olsonJD ddl-olsonJD merged commit 8c49bde into master Jun 24, 2022
@dependabot dependabot bot deleted the dependabot/pip/apache-airflow-2.2.4 branch June 24, 2022 13:05