build(deps): bump moto from 4.1.2 to 5.0.6 #7653

Merged
merged 2 commits into from
May 8, 2024

@bayandin bayandin commented May 8, 2024

Problem

The main point of this PR is to get rid of python-jose and ecdsa packages as transitive dependencies through moto.
They have a bunch of open vulnerabilities[1][2][3] (which don't affect us directly), but it's nice not to have them at all.

Summary of changes

  • Update moto from 4.1.2 to 5.0.6
  • Update code to accommodate breaking changes in moto_server

Checklist before requesting a review

  • I have performed a self-review of my code.
  • If it is a core feature, I have added thorough tests.
  • Do we need to implement analytics? If so, did you add the relevant metrics to the dashboard?
  • If this PR requires public announcement, mark it with /release-notes label and add several sentences in this section.

Checklist before merging

  • Do not forget to reformat commit message to not include the above checklist

@bayandin bayandin requested review from koivunej and arpad-m May 8, 2024 10:03

github-actions bot commented May 8, 2024

3024 tests run: 2891 passed, 0 failed, 133 skipped (full report)


Flaky tests (1)

Postgres 15

  • test_vm_bit_clear_on_heap_lock: debug

Code coverage* (full report)

  • functions: 31.2% (6256 of 20053 functions)
  • lines: 46.7% (46935 of 100601 lines)

* collected from Rust tests only


The comment gets automatically updated with the latest test results
dbaa82b at 2024-05-08T10:49:27.308Z :recycle:

@bayandin bayandin merged commit a4a4d78 into main May 8, 2024
53 checks passed
@bayandin bayandin deleted the bayandin/update-moto branch May 8, 2024 11:26
a-masterov pushed a commit that referenced this pull request May 20, 2024
## Problem

The main point of this PR is to get rid of `python-jose` and `ecdsa`
packages as transitive dependencies through `moto`.
They have a bunch of open vulnerabilities[1][2][3] (which don't affect
us directly), but it's nice not to have them at all.

- [1] GHSA-wj6h-64fc-37mp
- [2] GHSA-6c5p-j8vq-pqhj
- [3] GHSA-cjwg-qfpm-7377

## Summary of changes
- Update `moto` from 4.1.2 to 5.0.6
- Update code to accommodate breaking changes in `moto_server`
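
One way to confirm in CI that a bump like this really removed `python-jose` and `ecdsa` from what `moto` pulls in, and to see the path when it did not. This is an added example, not code from this PR or the project; the function names are hypothetical and the sample graphs are constructed, not real package metadata.

```python
import re
from collections import deque
from importlib import metadata

BANNED = {"python-jose", "ecdsa"}  # the packages this PR wants gone

def norm(name):
    """PEP 503 normalization, so 'Python_Jose' and 'python-jose' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def req_name(requirement):
    """Distribution name from a requirement string like 'ecdsa!=0.15; extra == "x"'."""
    match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", requirement)
    return norm(match.group(1)) if match else None

def installed_graph():
    """{installed package: [names it declares as requirements]} for this environment."""
    graph = {}
    for dist in metadata.distributions():
        names = [req_name(r) for r in (dist.requires or [])]
        graph[norm(dist.metadata["Name"] or "")] = [n for n in names if n]
    return graph

def banned_paths(graph, root, banned=BANNED):
    """BFS from root over installed packages; {banned pkg: [root, ..., banned pkg]}."""
    parent, queue = {norm(root): None}, deque([norm(root)])
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            # Skip requirements that are not installed (e.g. an unused optional extra).
            if dep in graph and dep not in parent:
                parent[dep] = pkg
                queue.append(dep)
    found = {}
    for pkg in sorted(norm(b) for b in banned):
        path, node = [], pkg if pkg in parent else None
        while node is not None:
            path, node = [node] + path, parent[node]
        if path:
            found[pkg] = path
    return found

# Constructed sample graphs (not real package metadata).
BEFORE = {"moto": ["boto3", "python-jose"], "boto3": [], "python-jose": ["ecdsa"], "ecdsa": []}
AFTER = {"moto": ["boto3", "ecdsa"], "boto3": []}  # ecdsa is named but not installed

if __name__ == "__main__":
    hits = banned_paths(installed_graph(), "moto")
    raise SystemExit(f"banned packages reachable from moto: {hits}" if hits else 0)
```

Run as a script inside the test environment, it exits non-zero and prints the dependency chain whenever either package is still reachable from `moto`.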