
Replace outdated dependency with security flags

Open shcheklein opened this issue 1 year ago • 3 comments

pytest-celery raises security scan alert (e.g. https://github.com/iterative/dvc-task/actions/runs/8883067284/job/24389104408?pr=128)

It depends on retry lib which itself depends (for no good reason) on py which is flagged for security and is outdated:

https://github.com/invl/retry/issues/58
https://github.com/invl/retry/pull/60

It seems it's not maintained (last release / update is ~8 years ago).

A replacement is funcy - lightweight (no dependencies AFAIK), license is good, maintained. We have been using it in DVC.org for a while.

shcheklein avatar Apr 29 '24 22:04 shcheklein
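Attributing a scanner alert like the one above to the direct dependency that actually pulls in the flagged package, as an added example (not pytest-celery code): it walks installed package metadata, and a constructed graph mirroring this thread (pytest-celery -> retry -> py) stands in for a real environment.

```python
"""Trace which direct dependency pulls a flagged package (here ``py``) into an env.
Added example, not pytest-celery code: it walks Requires-Dist metadata and reports
every chain from a root package to the flagged one."""
import re
from collections import deque
from importlib import metadata

# A Requires-Dist entry looks like "py>=1.4.26,<2.0.0; extra == 'test'"; only the
# leading project name matters here (extras markers are ignored, erring on reporting).
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization so 'Pytest_Celery' and 'pytest-celery' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(spec):
    """Normalized project name of a Requires-Dist entry; '' if unparsable."""
    m = _NAME_RE.match(spec)
    return normalize(m.group(1)) if m else ""


def installed_graph():
    """Map each installed distribution to the set of names it requires."""
    graph = {}
    for dist in metadata.distributions():
        reqs = {requirement_name(r) for r in (dist.requires or [])}
        graph[normalize(dist.metadata.get("Name") or "")] = reqs - {""}
    return graph


def dependency_chains(graph, root, flagged):
    """All paths root -> ... -> flagged, found by BFS; cycles are skipped."""
    root, flagged = normalize(root), normalize(flagged)
    chains, queue = [], deque([[root]])
    while queue:
        path = queue.popleft()
        for dep in sorted(graph.get(path[-1], ())):
            if dep in path:  # cyclic metadata guard
                continue
            (chains.append if dep == flagged else queue.append)(path + [dep])
    return chains


# Constructed graph mirroring the thread; not read from a real environment.
SAMPLE_GRAPH = {"pytest-celery": {"retry", "docker"}, "retry": {"decorator", "py"},
                "docker": {"requests"}, "decorator": set(), "py": set(),
                "requests": set(), "funcy": set()}

if __name__ == "__main__":
    for chain in dependency_chains(installed_graph(), "pytest-celery", "py"):
        print(" -> ".join(chain))
```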

Codecov Report

Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Project coverage is 25.27%. Comparing base (ed8616f) to head (3ab2185). Report is 105 commits behind head on main.

Files with missing lines Patch % Lines
src/pytest_celery/api/container.py 0.00% 2 Missing :warning:
Additional details and impacted files
@@           Coverage Diff           @@
##             main     #305   +/-   ##
=======================================
  Coverage   25.27%   25.27%           
=======================================
  Files          37       37           
  Lines        1187     1187           
  Branches      235      235           
=======================================
  Hits          300      300           
  Misses        859      859           
  Partials       28       28           


codecov[bot] avatar Apr 30 '24 07:04 codecov[bot]

hey @Nusnus, thanks for running the pipeline for this 🙏 . Let me know if you need anything here or is it good to go as is.

shcheklein avatar Apr 30 '24 19:04 shcheklein

> hey @Nusnus, thanks for running the pipeline for this 🙏 . Let me know if you need anything here or is it good to go as is.

Thanks for the PR! I have a very busy week and many PRs to review, but I will sure get to everything as soon as I can.

I’ll let you know if anything else is needed, thank you!

Nusnus avatar Apr 30 '24 19:04 Nusnus

Was noticing the same issue and found this PR. If for some reason funcy doesn't work there's also tenacity as an option, though I guess this mostly just needs to be updated again so that tests pass?

jerr0328 avatar Jun 17 '24 07:06 jerr0328

> Was noticing the same issue and found this PR. If for some reason funcy doesn't work there's also tenacity as an option, though I guess this mostly just needs to be updated again so that tests pass?

I'm leaning towards tenacity as well. Over my head with Celery stuff at the moment so it takes longer, but I didn't forget this issue ♥️

Nusnus avatar Jun 17 '24 09:06 Nusnus

@shcheklein @jerr0328 @skshetry Issue fixed, including all of the following as well:

[screenshot: CleanShot 2024-07-17 at 01 47 28@2x]

Nusnus avatar Jul 16 '24 22:07 Nusnus

> @shcheklein @jerr0328 @skshetry Issue fixed, including all of the following as well:
>
> [screenshot: CleanShot 2024-07-17 at 01 47 28@2x]

Released in v1.0.1

Nusnus avatar Jul 17 '24 21:07 Nusnus