Skip to content

Upgrade requests to 2.32.3 and adds a license validation override to ddev #17702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
steveny91 merged 11 commits into from
Jun 7, 2024
Merged

Upgrade requests to 2.32.3 and adds a license validation override to ddev #17702

steveny91 merged 11 commits into from
Jun 7, 2024

Conversation

@L3n41c
Copy link
Member

@L3n41c L3n41c commented Jun 1, 2024

What does this PR do?

This PR upgrades requests to the latest version to fix a CVE.

Motivation

This changelog.

Additional Notes

  • Fixes DataDog/image-vuln-scans#1488

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Changelog entries must be created for modifications to shipped code
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@L3n41c L3n41c requested a review from a team as a code owner June 1, 2024 18:16
@L3n41c
Copy link
Member Author

L3n41c commented Jun 1, 2024

The CI tests are currently broken because of msabramo/requests-unixsocket#73.
Here is the (not yet merged) fix: msabramo/requests-unixsocket#72.

@steveny91
Copy link
Contributor

steveny91 commented Jun 3, 2024

@L3n41c Hello! Yeah I ran into the same issue. Seems like the project hasn't been updated in a while and there's currently a fork out in pypi with the changes in your linked pr. I've tried adding that new unisocket module and bumping request to see if CI can work:

#17646

@github-actions
Copy link

github-actions bot commented Jun 3, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@L3n41c L3n41c force-pushed the lenaic/upgrade-requests branch from a777683 to c854d42 Compare June 3, 2024 15:23
@github-actions
Copy link

github-actions bot commented Jun 3, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@L3n41c
Copy link
Member Author

L3n41c commented Jun 3, 2024

Hi @steveny91,
I initially hoped to see msabramo/requests-unixsocket#72 eventually merged.
But if it lasts too long, we can indeed switch to the fork: c854d42
But the CI is still in bad shape. This time, I think it’s because of this license issue on Pypi:
image
image

@steveny91
Copy link
Contributor

steveny91 commented Jun 4, 2024

@L3n41c Yeah I was also hoping they'd get that merged in as well. But I'll try to solve the license issue with the fork this week and get his through by next week.

@L3n41c
Copy link
Member Author

L3n41c commented Jun 4, 2024

FWIW, I’ve filed this issue about the license: https://gitlab.com/thelabnyc/requests-unixsocket2/-/issues/4.

@steveny91
Copy link
Contributor

steveny91 commented Jun 7, 2024

@L3n41c #17769 should fix the license issue.

steveny91
steveny91 reviewed Jun 7, 2024
View reviewed changes
steveny91
steveny91 reviewed Jun 7, 2024
View reviewed changes
@github-actions
Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@codecov
Copy link

codecov bot commented Jun 7, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.51%. Comparing base (f3533fe) to head (4ad4cfa).
Report is 3 commits behind head on master.

Additional details and impacted files
Flag Coverage Δ
active_directory ?
activemq ?
activemq_xml ?
amazon_msk ?
ambari ?
apache ?
arangodb ?
argo_rollouts ?
argo_workflows ?
argocd ?
aspdotnet ?
avi_vantage ?
azure_iot_edge ?
boundary ?
btrfs ?
cacti ?
calico ?
cassandra ?
cert_manager ?
cisco_aci ?
citrix_hypervisor ?
cloud_foundry_api ?
cloudera ?
cockroachdb ?
consul ?
coredns ?
couch ?
crio ?
datadog_checks_base 89.68% <ø> (+0.84%) ⬆️
datadog_checks_dev 77.38% <ø> (+0.07%) ⬆️
datadog_checks_downloader ?
datadog_cluster_agent ?
dcgm ?
ddev ?
directory ?
disk ?
dns_check ?
dotnetclr ?
druid ?
ecs_fargate ?
eks_fargate ?
envoy ?
esxi ?
etcd ?
external_dns ?
fluentd ?
fluxcd ?
foundationdb ?
gearmand ?
gitlab_runner ?
go_expvar ?
gunicorn ?
harbor ?
hazelcast ?
hdfs_datanode ?
hdfs_namenode ?
hive ?
hivemq ?
http_check ?
hudi ?
ibm_db2 ?
ibm_i ?
ibm_mq ?
ibm_was ?
ignite ?
impala ?
istio ?
jboss_wildfly ?
kafka ?
karpenter ?
kong ?
kube_apiserver_metrics ?
kube_controller_manager ?
kube_dns ?
kube_metrics_server ?
kube_proxy ?
kube_scheduler ?
kubelet ?
kubernetes_cluster_autoscaler ?
kubernetes_state ?
kyototycoon ?
lighttpd ?
linkerd ?
linux_proc_extras ?
mapr ?
mapreduce ?
marathon ?
marklogic ?
mcache ?
mesos_master ?
mesos_slave ?
nagios ?
network ?
nfsstat ?
nginx ?
nginx_ingress_controller ?
nvidia_triton ?
openldap ?
openmetrics ?
openstack ?
openstack_controller ?
pgbouncer ?
php_fpm ?
postfix ?
powerdns_recursor ?
presto ?
process ?
prometheus ?
proxysql ?
pulsar ?
ray ?
redisdb ?
rethinkdb ?
riak ?
riakcs ?
silk ?
singlestore ?
snowflake ?
solr ?
spark ?
squid ?
statsd ?
strimzi ?
supervisord ?
system_core ?
system_swap ?
tcp_check ?
teamcity ?
tekton ?
teleport ?
temporal ?
teradata ?
tls ?
tokumx ?
torchserve ?
traefik_mesh ?
traffic_server ?
twemproxy ?
twistlock ?
varnish ?
vault ?
voltdb ?
vsphere ?
weaviate ?
win32_event_log ?
wmi_check ?
yarn ?
zk ?

Flags with carried forward coverage won't be shown. Click here to find out more.

@github-actions
Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@github-actions
Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@steveny91 steveny91 changed the title Upgrade requests to 2.32.3 Upgrade requests to 2.32.3 and adds a license validation override to ddev Jun 7, 2024
@steveny91 steveny91 merged commit e1e61e5 into master Jun 7, 2024
@steveny91 steveny91 deleted the lenaic/upgrade-requests branch June 7, 2024 21:00
datadog-agent-integrations-bot bot pushed a commit that referenced this pull request Jun 7, 2024
@L3n41c @steveny91 @github-actions
Upgrade requests to 2.32.3 and adds a license validation override…
407707a 
… to ddev (#17702)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <[email protected]>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <[email protected]>
(cherry picked from commit e1e61e5)
@datadog-agent-integrations-bot datadog-agent-integrations-bot bot mentioned this pull request Jun 7, 2024
Merged
4 tasks
github-actions bot pushed a commit that referenced this pull request Jun 7, 2024
@steveny91
Upgrade requests to 2.32.3 and adds a license validation override…
784fac6 
… to ddev (#17702)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <[email protected]>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <[email protected]> e1e61e5
steveny91 pushed a commit that referenced this pull request Jun 10, 2024
@datadog-agent-integrations-bot @L3n41c
Upgrade requests to 2.32.3 and adds a license validation override…
8102453 
… to ddev (#17702) (#17776)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <[email protected]>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <[email protected]>
(cherry picked from commit e1e61e5)

Co-authored-by: Lénaïc Huard <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steveny91 steveny91 steveny91 left review comments

@Kyle-Neale Kyle-Neale Kyle-Neale approved these changes

Assignees

No one assigned

Labels

backport/7.55.x base_package dependencies dev_package dev/tooling team/agent-integrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@L3n41c @steveny91 @Kyle-Neale