Update requirements to latest versions #2995

Merged. ukanga merged 3 commits into main from chore/update-requirements-20260113, Jan 21, 2026
@ukanga commented Jan 14, 2026

Changes / Features implemented

  • Update base Docker image from onaio/python-deps:3.10.19-20251028 to onaio/python-deps:3.10.19-20260113
  • Regenerate all .pip requirements files with latest package versions
  • Addresses CVE-2026-21441 (HIGH) by updating urllib3 from 2.6.0 to 2.6.3

Steps taken to verify this change does what is intended

  • Verified all 6 .pip files were regenerated successfully with pip-compile
  • Confirmed urllib3==2.6.3 is now pinned across all requirements files (base, dev, docs, azure, s3, ses)
  • CI pipeline will validate:
    • Static analysis (Prospector)
    • Unit tests across all test suites
    • Docker image build
    • Trivy security scan

Side effects of implementing this change

  • Package version updates may introduce breaking changes or deprecation warnings
  • Any packages with major version bumps should be reviewed for API changes

Before submitting this PR for review, please make sure you have:

- [x] Included tests
- [x] Updated documentation

Closes https://github.com/onaio/onadata/security/code-scanning/4837
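
An added example, not part of this PR or the onadata repository: one way to script the "urllib3==2.6.3 is pinned across all requirements files" check from the verification steps above. The file contents are constructed inline, and the function names and the non-urllib3 package versions are hypothetical.

```python
import re

# A pip-compile pin: "urllib3==2.6.3", optionally with extras or a trailing "\".
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==([^\s;\\]+)")

def normalize(name):
    """PEP 503 normalization so 'Urllib3' and 'urllib3' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Comparable tuple for plain numeric pins (X.Y.Z); anything else is rejected."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version format: {version!r}")
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 2.6 and 2.6.0 as equal
        parts.pop()
    return tuple(parts)

def pinned_versions(text):
    """Return {normalized name: version} for every '==' pin in one file."""
    pins = {}
    for line in text.splitlines():
        match = PIN_RE.match(line.strip())  # comments and --hash lines never match
        if match:
            pins[normalize(match.group(1))] = match.group(2)
    return pins

def check_pin(files, package, minimum):
    """Return {file label: problem}; an empty dict means every file passes."""
    problems = {}
    for label, text in files.items():
        found = pinned_versions(text).get(normalize(package))
        if found is None:
            problems[label] = "not pinned"
        elif version_key(found) < version_key(minimum):
            problems[label] = f"pinned to {found}, below {minimum}"
    return problems

# Constructed sample contents (not the repository's real files or versions).
SAMPLE_FILES = {
    "base": "requests==2.32.5 \\\n    --hash=sha256:PLACEHOLDER\n    # via -r base.in\n"
            "urllib3==2.6.3 \\\n    --hash=sha256:PLACEHOLDER\n    # via requests\n",
    "dev": "Urllib3[socks]==2.6.0\n",
    "docs": "sphinx==8.0.0\n",
}

if __name__ == "__main__":
    for label, problem in check_pin(SAMPLE_FILES, "urllib3", "2.6.3").items():
        print(f"{label}: {problem}")
```

A file that never mentions the package is reported separately from one pinned below the fixed version, since a missing pin means the resolver is free to pick any version at install time.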

@ukanga force-pushed the chore/update-requirements-20260113 branch from 4ae5e6d to 77fa0df, January 14, 2026 11:32
FrankApiyo previously approved these changes Jan 14, 2026
- Update base Docker image to onaio/python-deps:3.10.19-20260113
- Regenerate all .pip files with pip-compile
@ukanga force-pushed the chore/update-requirements-20260113 branch from 77fa0df to 49e2955, January 19, 2026 14:28
@ukanga merged commit 576f8a2 into main Jan 21, 2026
11 checks passed
@ukanga deleted the chore/update-requirements-20260113 branch January 21, 2026 07:37