Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the referencing library #20

Merged
merged 1 commit into from
Nov 30, 2023
Merged

Use the referencing library #20

merged 1 commit into from
Nov 30, 2023

Conversation

matthewrmshin
Copy link
Collaborator

@matthewrmshin matthewrmshin commented Nov 29, 2023
edited
Loading

Description

This is to avoid the DeprecationWarning about
retrieving remote references being a security vulnerability.

(We have only used this feature for referencing items in the local file system, so the software should not have been compromised. Nevertheless it is best to modify the code so we don't get this warning.)

Impact

Expect no more deprecation warning.

Checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have run the unit tests before creating the PR

@matthewrmshin matthewrmshin self-assigned this Nov 29, 2023
@matthewrmshin
Copy link
Collaborator Author

Sorry the fix is so complicated, but I don't think I can do any better.

This was the warning:

DeprecationWarning: Automatically retrieving remote references can be a security vulnerability and is discouraged by the JSON Schema specifications. Relying on this behavior is deprecated and will shortly become an error. If you are sure you want to remotely retrieve your reference and that it is safe to do so, you can find instructions for doing so via referencing.Registry in the referencing documentation (https://referencing.readthedocs.org).

@matthewrmshin matthewrmshin force-pushed the bugfix/referencing.jsonschema branch 2 times, most recently from 251490c to 5b5dcb2 Compare November 29, 2023 17:04
@matthewrmshin
Use the referencing library
7d58d8a 
This is to avoid the `DeprecationWarning` about
*retrieving remote references being a security vulnerability*.

(We have only used this feature for referencing items in the local file
system, so the software should not have been compromised. Nevertheless
it is best to modify the code so we don't get this warning.)
@matthewrmshin matthewrmshin force-pushed the bugfix/referencing.jsonschema branch from 5b5dcb2 to 7d58d8a Compare November 29, 2023 17:11
steoxley
steoxley approved these changes Nov 30, 2023
View reviewed changes
Copy link
Collaborator

@steoxley steoxley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've taken a read through this, and discussed it with the @matthewrmshin, I'm happy that this is probably the best we can do at this point if we don't want users to see security warnings. When we no longer support python 3.7 the code can be refactored to look less cumbersome.

@matthewrmshin matthewrmshin merged commit 24393ef into JCSDA-internal:main Nov 30, 2023
4 checks passed
@matthewrmshin matthewrmshin deleted the bugfix/referencing.jsonschema branch November 30, 2023 16:22
@matthewrmshin matthewrmshin added this to the 0.5.2 milestone Nov 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@steoxley steoxley steoxley approved these changes

Assignees

@matthewrmshin matthewrmshin

Labels
None yet
Projects
None yet
Milestone
0.5.2
Development

Successfully merging this pull request may close these issues.
2 participants
@matthewrmshin @steoxley