dep: Remove dependency - six

[kfaseela]

Signed-off-by: Faseela K faseela.k@est.tech

Commit Message: Remove dependency - six
Additional Description: An internal 3pp scan reports that six version is older and a newer version is available. However as six is no longer used, attempting to remove the same
Risk Level: low
Testing: local build and pre checks done

[repokitteh-read-only]

Hi @kfaseela, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

🐱

Caused by: #19085 was opened by kfaseela.

see: more, trace.

[repokitteh-read-only]

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @htuch

🐱

Caused by: #19085 was opened by kfaseela.

see: more, trace.

[phlax]

i wonder if this dep is required any longer, but otherwise lgtm

[moderation]

I created protocolbuffers/protobuf#5531 but it looks like six has now been removed from protocolbuffers - protocolbuffers/protobuf#9096

We don't support Python 2 either so removal would be best. Taking a look now

[kfaseela]

I created protocolbuffers/protobuf#5531 but it looks like six has now been removed from protocolbuffers - protocolbuffers/protobuf#9096

We don't support Python 2 either so removal would be best. Taking a look now

I can update the PR by removing the dependency if it is okay for everyone.

[moderation]

I did a quick non-test build with six removed and it worked. I suspect the problem will be with the Thrift filter tests due to archaic Python code

test/extensions/filters/network/thrift_proxy/thrift_object_impl_test.cc
70:            value = "six";                                          
125:      EXPECT_EQ("six", value.getValueTyped<std::string>());        
                                                                       
test/extensions/filters/network/thrift_proxy/requirements.in           
1:six                                                                  
                                                                       
test/extensions/filters/network/thrift_proxy/driver/BUILD              
27:        requirement("six"),                                         
40:        requirement("six"),                                         

[phlax]

thrift has its own requirements with six listed so i think that wont be an issue

@kfaseela i would say go ahead and remove it

[phlax]

test/extensions/filters/network/thrift_proxy/thrift_object_impl_test.cc

hmm, i see, its using it outside of the py rules

[moderation]

Yes, I think this C++ test code is referencing the six dependency in bazel/repository_locations,bzl and bazel/repositories,bzl. Related to this is the Thrift tech debt issue - #10701

[moderation]

It looks like #10702 was closed before merging. References to PY2 are still present

test/extensions/filters/network/thrift_proxy/driver/BUILD
21:    python_version = "PY2",                           
34:    python_version = "PY2",                           

[phlax]

It looks like #10702 was closed before merging

following up on that pr it seems like the things that it patched still would require patching

@moderation what is your thought on the best way forward update the dep or drop it ?

[moderation]

It would be preferable to drop it. ...Don't have to maintain a dependency that isn't there 😀

Even though we've made real progress on dep currency over the last couple of months, @kfaseela is going to find quite a few more out of date deps that are harder to bump and require deeper code change. fmt and spdlog are in this category

I'd like to try some local tests to see if I can remove six

[kfaseela]

It would be preferable to drop it. ...Don't have to maintain a dependency that isn't there 😀

Even though we've made real progress on dep currency over the last couple of months, @kfaseela is going to find quite a few more out of date deps that are harder to bump and require deeper code change. fmt and spdlog are in this category

I'd like to try some local tests to see if I can remove six

First time contributor, hence a basic doubt :) why did all the pre checks pass? Or we are yet to run the tests on the PR?

[phlax]

why did all the pre checks pass? Or we are yet to run the tests on the PR?

not sure, but it seems like the bit of code that uses six is not being hit in the CI tests

the "presubmit" tests are the PR tests

[kfaseela]

why did all the pre checks pass? Or we are yet to run the tests on the PR?

not sure, but it seems like the bit of code that uses six is not being hit in the CI tests

the "presubmit" tests are the PR tests

why did all the pre checks pass? Or we are yet to run the tests on the PR?

not sure, but it seems like the bit of code that uses six is not being hit in the CI tests

the "presubmit" tests are the PR tests

Ok. somehow, even running the thrift test locally passed for me. I did a Bazel clean build of envoy on my MacBook with six dependency removed, and then ran "bazel test //test/extensions/filters/network/thrift_proxy:thrift_object_impl_test" and it PASSED. May be I missed something!

[moderation]

I got the same results @kfaseela !! All tests pass. Looking closer at the code I don't believe the Thrift tests leverage the C++ package six. So I think this is good to go and great to remove unnecessary deps. I'm guessing that as protobuf dropped support we no longer need to pull in.

/lgtm deps

[kfaseela]

I got the same results @kfaseela !! All tests pass. Looking closer at the code I don't believe the Thrift tests leverage the C++ package six. So I think this is good to go and great to remove unnecessary deps. I'm guessing that as protobuf dropped support we no longer need to pull in.

/lgtm deps

Thank you! should I push a docs PR to remove six from here? https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/external_deps

[phlax]

Thank you! should I push a docs PR to remove six from here?

no, that should be automatically generated

[phlax]

lgtm, thanks @kfaseela

[rojkov]

Thank you @kfaseela!

[kfaseela]

@rojkov I see different roles labelled, for people who are submitting PRs. What is the eligibility criteria for becoming a "Member" from a "Contributor" ?

[rojkov]

@rojkov I see different roles labelled, for people who are submitting PRs. What is the eligibility criteria for becoming a "Member" from a "Contributor" ?

You can check https://github.com/envoyproxy/envoy/blob/main/GOVERNANCE.md