Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

charm-tools: bump python resources #131661

Closed
wants to merge 1 commit into from
Closed

charm-tools: bump python resources #131661

wants to merge 1 commit into from

Conversation

BrewTestBot
Copy link
Member

Created by brew-pip-audit.

The following resources have known vulnerabilities:

https://files.pythonhosted.org/packages/9d/ee/391076f5937f0a8cdf5e53b701ffc91753e87b07d66bae4a09aa671897bf/requests-2.28.2.tar.gz

Of those, the following were patched:

https://files.pythonhosted.org/packages/9d/ee/391076f5937f0a8cdf5e53b701ffc91753e87b07d66bae4a09aa671897bf/requests-2.28.2.tar.gz

On errors/problems, please ping @woodruffw or @alex.

@github-actions github-actions bot added python Python use is a significant feature of the PR or issue rust Rust use is a significant feature of the PR or issue labels May 23, 2023
@woodruffw
Copy link
Member

Triaging: reported upstream: juju/charm-tools#657

@carlocab
Copy link
Member

On errors/problems, please ping @woodruffw or @alex.

This can easily be automated via workflow, if you're interested, btw. (May produce false positives, though.)

@woodruffw
Copy link
Member

This can easily be automated via workflow, if you're interested, btw. (May produce false positives, though.)

I'm okay with a few false positives, not sure about @alex!

If you give me some pointers I can take a stab at that automation, unless you're offering to do it 🙂

@alex
Copy link
Contributor

alex commented May 23, 2023

Sure, hit me.

@chenrui333 chenrui333 added the test failure CI fails while running the test-do block label May 23, 2023
@woodruffw
Copy link
Member

Upstream resolution: charm-tools doesn't support Python 3.11 yet, so this should probably be downgraded to python@3.10. That'll also transitively bring pip down.

carlocab added a commit to carlocab/homebrew-core that referenced this pull request May 25, 2023
This will allow us to add automation that will be done after CI
failures.

For now, we can automate pinging `@woodruffw` and `@alex` on failures of
the `brew-pip-audit` workflow to avoid other maintainers from having to
manually do this.

See related discussions at Homebrew#131661.
@carlocab
Copy link
Member

This can easily be automated via workflow, if you're interested, btw. (May produce false positives, though.)

I'm okay with a few false positives, not sure about @alex!

If you give me some pointers I can take a stab at that automation, unless you're offering to do it 🙂

#131950

@carlocab
Copy link
Member

Upstream resolution: charm-tools doesn't support Python 3.11 yet, so this should probably be downgraded to python@3.10. That'll also transitively bring pip down.

Switching to python@3.10 still has the test failing, unfortunately.

@github-actions
Copy link
Contributor

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@github-actions github-actions bot added the stale No recent activity label Jun 15, 2023
@chenrui333 chenrui333 closed this Jun 21, 2023
@p-linnane p-linnane deleted the brew-pip-audit-charm-tools-1684811693 branch February 24, 2024 04:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pip-audit python Python use is a significant feature of the PR or issue rust Rust use is a significant feature of the PR or issue stale No recent activity test failure CI fails while running the test-do block
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants