checkov
Unpin boto3 and botocore versions
User description
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
Unpin boto3 and botocore as the bug from botocore is marked as resolved. That issue is related to urllib3 2.2.0 specifically.
Previous PRs that pinned the version: https://github.com/bridgecrewio/checkov/pull/6011, https://github.com/bridgecrewio/checkov/pull/6016
Fix: #6050
Generated description
Dear maintainer, below is a concise technical summary of the changes proposed in this PR:
Unpin the versions of boto3 and botocore in Pipfile and setup.py to allow for greater flexibility in dependency management. This change addresses the resolution of a bug in botocore related to urllib3 2.2.0. The boto3 version is updated to a range from 1.28.0 to less than 2.0.0, while botocore is no longer pinned to a specific version.
Topic | Details
---|---
Dependency Update | Unpin boto3 and botocore versions in Pipfile and setup.py to allow for greater flexibility in dependency management.
Hi @harryzcy, that’s a good input, although I’m not sure it really affects anything as it is right now. If you think it is necessary to have this change, I’d appreciate it if you could resolve the conflicts, and we will rerun our tests.
Thanks!
@Saarett it does create an issue while locking dependencies if I want to use a much newer version of boto3 in my project. I am planning to implement checkov with cdktf in my project, and unpinning this will help us move forward.
@harryzcy can you please resolve the conflicts?
@Saarett @SayantanKhanra10 merge conflicts fixed