Skip to content

Add note about why 3.9.3 omitted#6043

Merged
jeffwidman merged 1 commit intomainfrom
jeffwidman-patch-3
Nov 23, 2022
Merged

Add note about why 3.9.3 omitted#6043
jeffwidman merged 1 commit intomainfrom
jeffwidman-patch-3

Conversation

@jeffwidman
Copy link
Copy Markdown
Member

@jeffwidman jeffwidman commented Nov 4, 2022
edited
Loading

Add note about why 3.9.3 excluded

@jeffwidman jeffwidman requested a review from a team as a code owner November 4, 2022 07:37
@jeffwidman jeffwidman mentioned this pull request Nov 4, 2022
Merged
jeffwidman
jeffwidman commented Nov 4, 2022
View reviewed changes
python/lib/dependabot/python/python_versions.rb
@@ -9,14 +9,15 @@ module PythonVersions

# Due to an OpenSSL issue we can only install the following versions in
# the Dependabot container.
Copy link
Copy Markdown
Member Author

@jeffwidman jeffwidman Nov 4, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's the commit that added this: e43c80f

So when this note was added, the vulnerable versions were in the 3.5.x series... 3.6 is now EOL from upstream Python, although we're unofficially made a number of choices to continue to support it until Ubuntu 18.04 goes EOL this coming April.

Before that, there was a note about poetry not supporting python versions, which got added way back here: 6f734df#diff-fcc7191de583ab48f2202111f3076e45200c2ff6b83bb4b3f88425a81ee604e4R3-R8

So I wonder if poetry now supports this?? In which case we could drop this hardcoded python version list altogether?? 🤔

Copy link
Copy Markdown
Member Author

@jeffwidman jeffwidman Nov 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I filed #6044 to track this, as not something I have time to look into right now. For now IMO we should merge this to unblock ourselves/get correct, then later circle back and clean this up.

@jeffwidman jeffwidman mentioned this pull request Nov 4, 2022
Closed
1 task
@jeffwidman jeffwidman mentioned this pull request Nov 9, 2022
Merged
ulgens
ulgens reviewed Nov 15, 2022
View reviewed changes
@jeffwidman jeffwidman changed the title Add missing python patch versions Add note about why 3.9.3 omitted Nov 22, 2022
@jeffwidman jeffwidman enabled auto-merge (rebase) November 22, 2022 23:01
@jeffwidman jeffwidman disabled auto-merge November 22, 2022 23:06
@jeffwidman jeffwidman enabled auto-merge (rebase) November 23, 2022 00:38
@jeffwidman jeffwidman merged commit a97ae71 into main Nov 23, 2022
@jeffwidman jeffwidman deleted the jeffwidman-patch-3 branch November 23, 2022 00:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@ulgens ulgens ulgens left review comments

@deivid-rodriguez deivid-rodriguez deivid-rodriguez approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jeffwidman @ulgens @deivid-rodriguez