Upgrade sqlalchemy 13.16 -> 1.3.24 and starlette 0.19.1 -> 0.25.0, ariadne 0.13 -> 0.17, fastapi 0.78 -> 0.92 #379

Conversation

@dlpzx dlpzx commented Mar 20, 2023

Feature or Bugfix

  • Bugfix

Detail

  • Upgrade starlette version: vulnerability found in starlette <0.25 (https://security.snyk.io/vuln/SNYK-PYTHON-STARLETTE-3319937). It does not affect data.all as we do not use python-multipart, but nevertheless it is better to be on a non-vulnerable version.
  • Upgrade sqlalchemy version: the vulnerability is not stopping the CICD pipeline, but by upgrading we are able to use the latest version of alembic and we can revert the pinning of the version which happened in "Pin alembic version to 'alembic==1.9.4'" #354.
  • Upgrade ariadne to version 0.17.0: needed to support starlette 0.25.0. The higher version ariadne==0.18.0 removes the PLAYGROUND_HTML constant that we use in testing (check docs).
  • Upgrade fastapi version to 0.92.0: needed to support starlette 0.25.0 (version that supports this particular version of starlette, docs).
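As an added example (not code from the data.all repository or from this PR), the following script turns the version constraints listed above into a check a CI "safety" step could run over a requirements file: each package must be at or above the version this PR moves to, and ariadne must stay below 0.18.0 because that release drops PLAYGROUND_HTML. The requirements contents are constructed from the versions in the PR title.

```python
import re

# Minimum versions from the PR description: starlette >= 0.25 fixes
# SNYK-PYTHON-STARLETTE-3319937; the other three are the pins the PR lands.
MIN_VERSIONS = {"sqlalchemy": "1.3.24", "starlette": "0.25.0",
                "ariadne": "0.17.0", "fastapi": "0.92.0"}
# Upper bound the PR explains: ariadne 0.18 removes PLAYGROUND_HTML.
MAX_EXCLUSIVE = {"ariadne": "0.18.0"}

# Matches 'pkg==1.2.3' with an optional trailing comment.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)\s*(?:#.*)?$")


def parse_version(text):
    """'1.3.24' -> (1, 3, 24) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_pins(requirements):
    """Return {package: version} for each exact pin; non-pin lines are ignored."""
    pins = {}
    for line in requirements.splitlines():
        match = PIN_RE.match(line)
        if match:
            pins[match.group(1).lower()] = match.group(2)
    return pins


def check_pins(requirements):
    """Return a list of findings; an empty list means every pin is acceptable."""
    findings = []
    pins = parse_pins(requirements)
    for name, minimum in MIN_VERSIONS.items():
        if name not in pins:
            findings.append(f"{name}: not pinned")
        elif parse_version(pins[name]) < parse_version(minimum):
            findings.append(f"{name}=={pins[name]} is below minimum {minimum}")
    for name, bound in MAX_EXCLUSIVE.items():
        if name in pins and parse_version(pins[name]) >= parse_version(bound):
            findings.append(f"{name}=={pins[name]} reaches unsupported {bound}")
    return findings


# Constructed sample inputs: the pre-PR pins and the post-PR pins.
OLD_REQUIREMENTS = "sqlalchemy==1.3.16\nstarlette==0.19.1\nariadne==0.13.0\nfastapi==0.78.0\n"
NEW_REQUIREMENTS = "sqlalchemy==1.3.24\nstarlette==0.25.0\nariadne==0.17.0\nfastapi==0.92.0\n"

if __name__ == "__main__":
    for label, req in (("before", OLD_REQUIREMENTS), ("after", NEW_REQUIREMENTS)):
        print(label, check_pins(req) or "OK")
```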

Relates

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@dlpzx dlpzx changed the title Upgrade sqlalchemy 13.16 -> 1.3.24 and starlette 0.19.1 -> 0.25.0, ariadne 0.13 -> 0.18, fastapi 0.78 -> 0.92 Upgrade sqlalchemy 13.16 -> 1.3.24 and starlette 0.19.1 -> 0.25.0, ariadne 0.13 -> 0.17, fastapi 0.78 -> 0.92 Mar 20, 2023
@dlpzx dlpzx requested a review from nikpodsh March 20, 2023 14:41
@dlpzx dlpzx marked this pull request as ready for review March 20, 2023 14:43
@dlpzx dlpzx merged commit 4002963 into main Mar 20, 2023
@dlpzx dlpzx deleted the 378-safety-step-fails-vulnerabilities-in-sqlalchemy-1316-and-in-starlette-0191 branch April 4, 2023 07:14

Successfully merging this pull request may close these issues.

Safety step fails: vulnerabilities in sqlalchemy 1.3.16 and in starlette 0.19.1
2 participants