New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address dependabot alerts, regenerate constraints.txt #1250
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #1250 +/- ##
========================================
Coverage 93.62% 93.62%
========================================
Files 129 129
Lines 13134 13135 +1
========================================
+ Hits 12297 12298 +1
Misses 837 837
Continue to review full report at Codecov.
|
docker/constraints.in
Outdated
@@ -11,7 +11,7 @@ click>=8.0 | |||
cloudpickle>=0.4 | |||
compliance-checker>=4.0.0 | |||
dask>=2021.5.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dask and distributed versions should be the same ideally
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. I suspect that will be easier to figure out than the click version issue the tests have thrown up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ugh - looks like there might be further issues arising from a new version of pip released overnight. |
… distributed versions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Paul, looks good.
Can you remove the mentions of paramiko
completely before merging.
@@ -9,9 +9,9 @@ celery>=4,<5 | |||
ciso8601 | |||
click>=8.0 | |||
cloudpickle>=0.4 | |||
compliance-checker>=4.0.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI, compliance checker is only for checking NetCDF metadata compliance.
If we ever get to the point of making NetCDF support optional, it can be optional too.
@@ -1,4 +1,4 @@ | |||
paramiko==2.7.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
paramiko can go entirely, it's not used anywhere at all.
@@ -35,7 +35,7 @@ netCDF4==1.5.3 | |||
numpy==1.22.2 | |||
packaging==20.3 | |||
pandas==1.0.3 | |||
paramiko==2.7.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above, remove completely, not required or even used.
@@ -27,7 +28,7 @@ def printable_values(d): | |||
return {k: printable(v) for k, v in d.items()} | |||
|
|||
|
|||
def write_pretty(out_f, field_names, search_results, terminal_size=click.get_terminal_size()): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh my, I don't even think this datacube-search
thing should exist any more. I don't know why it ever did. The one or two commands it supports should be moved under datacube dataset
or datacube product`.
@@ -9,6 +9,7 @@ | |||
|
|||
import csv |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does anyone else dislike the naming of this module scripts
. IMO it should be cli
.
Maybe it doesn't matter, but I think of scripts as being quite different to a fully fledged and essential command line tool...
Reason for this pull request
Addresses upstream security issues identified by Dependabot.
Proposed changes
Update docs/rtd requirements
Update constraints.in and regenerated constraints.txt
Closes #xxxx
Tests added / passed
Fully documented, including
docs/about/whats_new.rst
for all changes