Upgrade requirements #28487
Merged
Upgrade requirements #28487
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
millerdev
added
Open for review: do not merge
millerdev
force-pushed
the
dm/requirements
branch
from
0488d31
to
2581d1b
Compare
dannyroberts
approved these changes
Sep 9, 2020
| @@ -14,6 +14,7 @@ function setup() { | |||
|
|
|||
| scripts/uninstall-requirements.sh | |||
| pip install -r requirements/test-requirements.txt | |||
| hash -d pip | |||
There was a problem hiding this comment.
Huh interesting. What does this do?
There was a problem hiding this comment.
It removes /vendor/bin/pip from bash's command cache. This is necessary if the command path changes, as is the case when pip is upgraded on the line above.
snopoke
approved these changes
Sep 10, 2020
millerdev
force-pushed
the
dm/requirements
branch
from
2581d1b
to
00c2e6b
Compare
millerdev
added
awaiting QA
millerdev
force-pushed
the
dm/requirements
branch
from
00c2e6b
to
e81e08a
Compare
millerdev
force-pushed
the
dm/requirements
branch
2 times, most recently
from
5f65562
to
04d786a
Compare
dannyroberts
approved these changes
Sep 24, 2020
|
QA Pass. Waiting to merge until after the weekend. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First part of https://dimagi-dev.atlassian.net/browse/SAAS-11205
SUMMARY
Pin several unsafe library upgrades and a security update, and then upgrade requirements using
make upgrade-requirements.RISK ASSESSMENT / QA PLAN
The risk of this change set is hard to evaluate since many things are changing. However, the change log of every library that is being upgraded has been assessed to ensure as well as possible that no major/breaking changes are included in these upgrades.
Notes on pinned libraries
django-redis - wants to downgrade to 4.9 (was 4.10)Took a slight risk on these
(although probably unlikely to cause issues)
parser.parsewill now raiseTypeErrorwhentzinfosis passed a type that cannot be interpreted as a time zone. Prior to this change, it would raise anUnboundLocalErrorinstead.UnboundLocalErrordoes not appear anywhere in our codebase.I toyed with the idea of rolling out upgrades in smaller chunks, but the dependency graph is complex enough that it felt simpler to try them all in one go to see if tests pass. Test failures should hopefully provide an easy non-arbitrary way to find problems. The final commit of this PR could still be split into multiple chunks if there are no test failures but the risk still seems too large to roll out all at once.
Review by commit.