Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removing Werkzeug from requirements-test #718

Merged
merged 2 commits into from
Oct 17, 2024
Merged

Removing Werkzeug from requirements-test #718

merged 2 commits into from
Oct 17, 2024

Conversation

i-oden
Copy link
Member

@i-oden i-oden commented Oct 11, 2024
edited
Loading

Read this before submitting the PR

  1. Always create a Draft PR first
  2. Go through sections 1-5 below, fill them in and check all the boxes
  3. Make sure that the branch is updated; if there's an "Update branch" button at the bottom of the PR, rebase or update branch.
  4. When all boxes are checked, information is filled in, and the branch is updated: mark as Ready For Review and tag reviewers (top right)
  5. Once there is a submitted review, implement the suggestions (if reasonable, otherwise discuss) and request an new review.

If there is a field which you are unsure about, enter the edit mode of this description or go to the PR template; There are invisible comments providing descriptions which may be of help.

1. Description / Summary

Solves Werkzeug vulnerability alerted via scans.

2. Jira task / GitHub issue

https://scilifelab.atlassian.net/jira/software/projects/DDS/boards/13/backlog?epics=visible&selectedIssue=DDS-2040

3. Type of change

What type of change(s) does the PR contain?

Check the relevant boxes below. For an explanation of the different sections, enter edit mode of this PR description template.

  • New feature
    • Breaking: Why / How? Add info here.
    • Non-breaking
  • Bug fix
  • Security Alert fix
    • Package update
      • Major version update
  • Documentation
  • Workflow
  • Tests only

4. Additional information

  • Sprintlog Not adding sprintlog row since this only relates to tests.
  • Blocking PRs
    • Merged
  • PR to master branch: If checked, read the release instructions
    • I have followed steps 1-8.

5. Actions / Scans

Check the boxes when the specified checks have passed.

For information on what the different checks do and how to fix it if they're failing, enter edit mode of this description or go to the PR template.

  • Black
  • Pylint
  • Prettier
  • Yamllint
  • Tests
  • TestPyPI
  • CodeQL
  • Trivy
  • Snyk

@i-oden i-oden self-assigned this Oct 11, 2024
@i-oden i-oden marked this pull request as ready for review October 11, 2024 09:49
@i-oden i-oden requested a review from a team as a code owner October 11, 2024 09:49
@rv0lt
Copy link
Member

rv0lt commented Oct 16, 2024

Why is it Werzeug needed in the tests in the client?

@i-oden
Copy link
Member Author

i-oden commented Oct 17, 2024

Why is it Werzeug needed in the tests in the client?

I was asking myself the same thing. At some point I'm pretty sure we needed it because some package had it as a requirement but didn't install it itself, but now I'm not sure. Currently testing if it's needed.

@i-oden
Copy link
Member Author

i-oden commented Oct 17, 2024

@rv0lt Seems like it's no longer needed. Updating the title of this PR

@i-oden i-oden changed the title Bump werkzeug to 3.0.3 Removing Werkzeug from requirements-test Oct 17, 2024
rv0lt
rv0lt approved these changes Oct 17, 2024
View reviewed changes
Copy link
Member

@rv0lt rv0lt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runned the tests and seem to work!

@i-oden i-oden merged commit 5150f2c into dev Oct 17, 2024
15 checks passed
@i-oden i-oden deleted the DDS-2040-fix-werkzeug-debugger-vulnerable-in-requirements-test-txt-of-dds-cli branch October 17, 2024 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rv0lt rv0lt rv0lt approved these changes

Assignees

@i-oden i-oden

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@i-oden @rv0lt