fix: upgrade request dependency to version that does not use vulnerable py dep
TL;DR
This request is just to upgrade the retry package dependency in requirements.txt for flytekit. The original unmaintained package has a dependency on the py package, which has a CVE with no fix version available:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42969
Type
- [x] Bug Fix
- [ ] Feature
- [ ] Plugin
Are all requirements met?
- [x] Code completed
- [x] Smoke tested
- [ ] Unit tests added
- [ ] Code documentation added
- [ ] Any pending items have an associated Issue
Complete description
In this PR, it is replaced with the recent release of the retry2 package version 0.9.5, which is a fork of the original retry package:
https://pypi.org/project/retry2/
Tracking Issue
https://github.com/flyteorg/flyte/issues/3052
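The reason this swap matters is the transitive chain flytekit -> retry -> py: the vulnerable package is never named in requirements.txt, so a plain grep of the pinned file misses it. The script below is an added example (not part of this PR or the flytekit code base) that walks a dependency graph from the top-level requirements and reports every chain that ends in a flagged distribution. The `SAMPLE_GRAPH` and `SAMPLE_REQUIREMENTS` values are constructed for illustration; `installed_graph()` builds the same kind of map from the running environment via `importlib.metadata`.

```python
"""Find which top-level requirements transitively pull in a flagged package (added example)."""
from __future__ import annotations

import re
from collections import deque
from importlib import metadata

# PEP 503 name normalisation: 'Retry_2.x' -> 'retry-2-x'
def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()

# Reduce a requirement string such as "py (>=1.4.26)" or
# "decorator>=3.4.2; extra == 'x'" to its bare, normalised project name.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def requirement_name(req: str) -> str:
    m = _NAME_RE.match(req)
    if not m:
        raise ValueError(f"cannot parse requirement: {req!r}")
    return normalize(m.group(1))

def installed_graph() -> dict[str, list[str]]:
    """Build {package: [dependency, ...]} from the current environment.

    Requirements guarded by an extra marker are skipped, so only mandatory
    dependencies appear as edges.
    """
    graph: dict[str, list[str]] = {}
    for dist in metadata.distributions():
        deps = [requirement_name(r) for r in (dist.requires or []) if "extra ==" not in r]
        graph[normalize(dist.metadata["Name"])] = deps
    return graph

def parse_requirements(text: str) -> list[str]:
    """Return the normalised project names pinned in a requirements.txt body."""
    roots = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment-only, or an option like -r / -e
            continue
        roots.append(requirement_name(line))
    return roots

def paths_to(graph: dict[str, list[str]], roots: list[str], flagged: str) -> list[list[str]]:
    """Breadth-first walk from each root; return the dependency chains that reach `flagged`."""
    flagged = normalize(flagged)
    found: list[list[str]] = []
    for root in roots:
        root = normalize(root)
        queue = deque([[root]])
        seen = {root}
        while queue:
            path = queue.popleft()
            for dep in graph.get(path[-1], []):
                if dep == flagged:
                    found.append(path + [dep])
                elif dep not in seen:
                    seen.add(dep)
                    queue.append(path + [dep])
    return found

def audit_requirements(text: str, graph: dict[str, list[str]], flagged: str) -> list[list[str]]:
    """Combine the two steps: pinned roots -> chains ending in the flagged package."""
    return paths_to(graph, parse_requirements(text), flagged)

# Constructed sample data, modelled on the situation this PR describes.
SAMPLE_GRAPH = {
    "flytekit": ["retry", "requests", "docker"],
    "retry": ["py", "decorator"],
    "retry2": ["decorator"],
    "py": [],
    "decorator": [],
    "requests": ["urllib3"],
    "urllib3": [],
    "docker": ["requests"],
}
# Same graph after the fix in this PR: flytekit depends on retry2 instead of retry.
PATCHED_GRAPH = {**SAMPLE_GRAPH, "flytekit": ["retry2", "requests", "docker"]}
SAMPLE_REQUIREMENTS = "# top-level pins (constructed)\nflytekit==1.2.0\n-r extras.txt\n"

if __name__ == "__main__":
    for chain in audit_requirements(SAMPLE_REQUIREMENTS, SAMPLE_GRAPH, "py"):
        print(" -> ".join(chain))
    print("after fix:", audit_requirements(SAMPLE_REQUIREMENTS, PATCHED_GRAPH, "py"))
```

Against the constructed data the walk reports the single chain `flytekit -> retry -> py`, and nothing once `retry` is replaced by `retry2`. Pointing `paths_to(installed_graph(), parse_requirements(open("requirements.txt").read()), "py")` at a real virtualenv gives the same report for an actual build, and the `flagged` argument can be any distribution name from an advisory.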
Codecov Report
Merging #1409 (44d1346) into master (531db3c) will not change coverage. The diff coverage is n/a.

| Coverage Diff | master | #1409 | +/- |
|---|---|---|---|
| Coverage | 69.20% | 69.20% | |
| Files | 300 | 300 | |
| Lines | 28084 | 28084 | |
| Branches | 2640 | 2640 | |
| Hits | 19435 | 19435 | |
| Misses | 8136 | 8136 | |
| Partials | 513 | 513 | |