Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update py to 1.10.0 for dev dependencies dependencies #1208

Merged
merged 1 commit into from Jan 21, 2021
Merged

Update py to 1.10.0 for dev dependencies dependencies #1208

merged 1 commit into from Jan 21, 2021

Conversation

emkll
Copy link
Contributor

@emkll emkll commented Jan 8, 2021

Description

  • Updates py to >= 1.10.0 to address CVE-2020-29651
  • Updates pip-tools to 5.5.0 to address issues with pip-compile
  • Other changes should be limited to formatting output due to newer version of pip-tools

Test Plan

  • Dependency changes are dev-only.

Checklist

If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:

  • I have tested these changes in the appropriate Qubes environment
  • I do not have an appropriate Qubes OS workstation set up (the reviewer will need to test these changes)
  • These changes should not need testing in Qubes

If these changes add or remove files other than client code, the AppArmor profile may need to be updated. Please check as applicable:

  • I have updated the AppArmor profile
  • No update to the AppArmor profile is required for these changes
  • I don't know and would appreciate guidance

If these changes modify the database schema, you should include a database migration. Please check as applicable:

  • I have written a migration and upgraded a test database based on main and confirmed that the migration applies cleanly
  • I have written a migration but have not upgraded a test database based on main and would like the reviewer to do so
  • I need help writing a database migration
  • No database schema changes are needed

@emkll
Update pip dependencies
e69c04d 
- Update py to >= 1.10.0 to address CVE-2020-29651
- Update pip-tools to 5.5.0 to address issues with pip-compile
@emkll emkll added this to Ready for Review in SecureDrop Team Board Jan 8, 2021
kushaldas
kushaldas approved these changes Jan 21, 2021
View reviewed changes
Copy link
Contributor

@kushaldas kushaldas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hashes matched. Approved.

@kushaldas kushaldas merged commit ccf14d9 into main Jan 21, 2021
SecureDrop Team Board automation moved this from Ready for Review to Done Jan 21, 2021
@kushaldas kushaldas deleted the update-pip-20200108 branch January 21, 2021 12:18
@eloquence eloquence added this to the 0.4.1 milestone Feb 19, 2021
@eloquence eloquence mentioned this pull request Feb 19, 2021
Closed
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kushaldas kushaldas kushaldas approved these changes

@sssoleileraaa sssoleileraaa Awaiting requested review from sssoleileraaa

@redshiftzero redshiftzero Awaiting requested review from redshiftzero

Assignees
No one assigned
Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
0.4.1
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@emkll @kushaldas @eloquence