Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maintenance: Fix transitive dependency resolution #5857

Closed
1 of 2 tasks
leandrodamascena opened this issue Jan 13, 2025 · 1 comment · Fixed by #5858 or #5859
Closed
1 of 2 tasks

Maintenance: Fix transitive dependency resolution #5857

leandrodamascena opened this issue Jan 13, 2025 · 1 comment · Fixed by #5858 or #5859
Labels
internal Maintenance changes triage Pending triage from maintainers

Comments

@leandrodamascena
Copy link
Contributor

Why is this needed?

Some dependencies like boto3 depend on urllib and dependency resolution fails sometimes.

Some other dependencies like aws-requests-auth are bringing in requests as an optional dependency, but they are not pinning the minimum version of requests and are installing requests==0.14.0 which has a potential CVE. Even this does not affect customers, because it is a development dependency, it is important to fix.

Which area does this relate to?

Automation

Solution

No response

Acknowledgment
@leandrodamascena leandrodamascena added internal Maintenance changes triage Pending triage from maintainers labels Jan 13, 2025
@leandrodamascena leandrodamascena mentioned this issue Jan 13, 2025
Merged
7 tasks
@leandrodamascena leandrodamascena linked a pull request Jan 13, 2025 that will close this issue
chore(ci): fix dependency resolution #5858
Merged
7 tasks
@github-project-automation github-project-automation bot moved this from Triage to Coming soon in Powertools for AWS Lambda (Python) Jan 13, 2025
@github-actions GitHub Actions
Copy link
Contributor

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot added the pending-release Fix or implementation already in dev waiting to be released label Jan 13, 2025
@leandrodamascena leandrodamascena mentioned this issue Jan 13, 2025
Merged
7 tasks
@leandrodamascena leandrodamascena linked a pull request Jan 13, 2025 that will close this issue
chore(ci): fix dependency resolution #5859
Merged
7 tasks
@dreamorosi dreamorosi mentioned this issue Jan 20, 2025
Open
@leandrodamascena leandrodamascena removed the pending-release Fix or implementation already in dev waiting to be released label Jan 20, 2025
@leandrodamascena leandrodamascena moved this from Coming soon to Shipped in Powertools for AWS Lambda (Python) Jan 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
internal Maintenance changes triage Pending triage from maintainers
Projects
Powertools for AWS Lambda (Python)
Status: Shipped
Milestone
No milestone
1 participant
@leandrodamascena