Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade requests to 2.32.3 and adds a license validation override to ddev #17702

Merged
merged 11 commits into from
Jun 7, 2024

Conversation

L3n41c
Copy link
Member

@L3n41c L3n41c commented Jun 1, 2024

What does this PR do?

This PR upgrades requests to the latest version to fix a CVE.

Motivation

This changelog.

Additional Notes

  • Fixes DataDog/image-vuln-scans#1488

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Changelog entries must be created for modifications to shipped code
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@L3n41c
Copy link
Member Author

L3n41c commented Jun 1, 2024

The CI tests are currently broken because of msabramo/requests-unixsocket#73.
Here is the (not yet merged) fix: msabramo/requests-unixsocket#72.

@steveny91
Copy link
Contributor

@L3n41c Hello! Yeah I ran into the same issue. Seems like the project hasn't been updated in a while and there's currently a fork out in pypi with the changes in your linked pr. I've tried adding that new unisocket module and bumping request to see if CI can work:

#17646

Copy link

github-actions bot commented Jun 3, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@L3n41c L3n41c force-pushed the lenaic/upgrade-requests branch from a777683 to c854d42 Compare June 3, 2024 15:23
Copy link

github-actions bot commented Jun 3, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@L3n41c
Copy link
Member Author

L3n41c commented Jun 3, 2024

Hi @steveny91,
I initially hoped to see msabramo/requests-unixsocket#72 eventually merged.
But if it lasts too long, we can indeed switch to the fork: c854d42
But the CI is still in bad shape. This time, I think it’s because of this license issue on Pypi:
image
image

@steveny91
Copy link
Contributor

@L3n41c Yeah I was also hoping they'd get that merged in as well. But I'll try to solve the license issue with the fork this week and get his through by next week.

@L3n41c
Copy link
Member Author

L3n41c commented Jun 4, 2024

FWIW, I’ve filed this issue about the license: https://gitlab.com/thelabnyc/requests-unixsocket2/-/issues/4.

@steveny91
Copy link
Contributor

@L3n41c #17769 should fix the license issue.

agent_requirements.in Outdated Show resolved Hide resolved
Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

…og/integrations-core into lenaic/upgrade-requests
Copy link

codecov bot commented Jun 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.51%. Comparing base (f3533fe) to head (4ad4cfa).
Report is 3 commits behind head on master.

Additional details and impacted files
Flag Coverage Δ
active_directory ?
activemq ?
activemq_xml ?
amazon_msk ?
ambari ?
apache ?
arangodb ?
argo_rollouts ?
argo_workflows ?
argocd ?
aspdotnet ?
avi_vantage ?
azure_iot_edge ?
boundary ?
btrfs ?
cacti ?
calico ?
cassandra ?
cert_manager ?
cisco_aci ?
citrix_hypervisor ?
cloud_foundry_api ?
cloudera ?
cockroachdb ?
consul ?
coredns ?
couch ?
crio ?
datadog_checks_base 89.68% <ø> (+0.84%) ⬆️
datadog_checks_dev 77.38% <ø> (+0.07%) ⬆️
datadog_checks_downloader ?
datadog_cluster_agent ?
dcgm ?
ddev ?
directory ?
disk ?
dns_check ?
dotnetclr ?
druid ?
ecs_fargate ?
eks_fargate ?
envoy ?
esxi ?
etcd ?
external_dns ?
fluentd ?
fluxcd ?
foundationdb ?
gearmand ?
gitlab_runner ?
go_expvar ?
gunicorn ?
harbor ?
hazelcast ?
hdfs_datanode ?
hdfs_namenode ?
hive ?
hivemq ?
http_check ?
hudi ?
ibm_db2 ?
ibm_i ?
ibm_mq ?
ibm_was ?
ignite ?
impala ?
istio ?
jboss_wildfly ?
kafka ?
karpenter ?
kong ?
kube_apiserver_metrics ?
kube_controller_manager ?
kube_dns ?
kube_metrics_server ?
kube_proxy ?
kube_scheduler ?
kubelet ?
kubernetes_cluster_autoscaler ?
kubernetes_state ?
kyototycoon ?
lighttpd ?
linkerd ?
linux_proc_extras ?
mapr ?
mapreduce ?
marathon ?
marklogic ?
mcache ?
mesos_master ?
mesos_slave ?
nagios ?
network ?
nfsstat ?
nginx ?
nginx_ingress_controller ?
nvidia_triton ?
openldap ?
openmetrics ?
openstack ?
openstack_controller ?
pgbouncer ?
php_fpm ?
postfix ?
powerdns_recursor ?
presto ?
process ?
prometheus ?
proxysql ?
pulsar ?
ray ?
redisdb ?
rethinkdb ?
riak ?
riakcs ?
silk ?
singlestore ?
snowflake ?
solr ?
spark ?
squid ?
statsd ?
strimzi ?
supervisord ?
system_core ?
system_swap ?
tcp_check ?
teamcity ?
tekton ?
teleport ?
temporal ?
teradata ?
tls ?
tokumx ?
torchserve ?
traefik_mesh ?
traffic_server ?
twemproxy ?
twistlock ?
varnish ?
vault ?
voltdb ?
vsphere ?
weaviate ?
win32_event_log ?
wmi_check ?
yarn ?
zk ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@steveny91 steveny91 changed the title Upgrade requests to 2.32.3 Upgrade requests to 2.32.3 and adds a license validation override to ddev Jun 7, 2024
@steveny91 steveny91 merged commit e1e61e5 into master Jun 7, 2024
48 checks passed
@steveny91 steveny91 deleted the lenaic/upgrade-requests branch June 7, 2024 21:00
datadog-agent-integrations-bot bot pushed a commit that referenced this pull request Jun 7, 2024
… to ddev (#17702)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <[email protected]>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <[email protected]>
(cherry picked from commit e1e61e5)
github-actions bot pushed a commit that referenced this pull request Jun 7, 2024
… to ddev (#17702)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <[email protected]>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <[email protected]> e1e61e5
steveny91 pushed a commit that referenced this pull request Jun 10, 2024
… to ddev (#17702) (#17776)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <[email protected]>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <[email protected]>
(cherry picked from commit e1e61e5)

Co-authored-by: Lénaïc Huard <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants