Restore floating Flask / Werkzeug dependency #3409

Merged
merged 1 commit into from
Apr 27, 2023


dbutenhof
Member

Werkzeug 2.3.1 appears to have resolved our problems using Flask 2.3.x, so restore the original floating dependency on flask.

This doesn't address the issue of whether we want to evaluate setting explicit dependencies across the board; the risk is that this forces us to periodically re-evaluate and update to avoid obsolescence and CVE problems, while the benefit is we don't have the sort of fun surprises recently delivered to us by flask and keycloak-js...

Member

@webbnh webbnh left a comment

This looks fine to me; however, given our recent experience, should we be placing a minimum on Flask and/or Werkzeug? (We really don't want Werkzeug 2.3.0....)

@dbutenhof
Member Author

> This looks fine to me; however, given our recent experience, should we be placing a minimum on Flask and/or Werkzeug? (We really don't want Werkzeug 2.3.0....)

That's a conversation worth having another day, and in a more general context across our requirements.txt and package.json dependencies. This just restores what we had before, which will now give us Flask 2.3.1 and Werkzeug 2.3.1. We're more likely to run afoul of another incompatible upgrade than of a sudden downgrade.

@dbutenhof dbutenhof merged commit 5feaef9 into distributed-system-analysis:main Apr 27, 2023
@dbutenhof dbutenhof deleted the pull branch April 27, 2023 22:10
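The floating-versus-minimum question raised in this thread can be checked mechanically. The following is an added example, not code from this pull request or the project: it classifies each requirement line as floating, bounded or pinned and reports whether it still admits a version the team wants to avoid (Werkzeug 2.3.0, as named in the review). The requirement lines and the `KNOWN_BAD` table are constructed for illustration, and only plain numeric versions with the simple comparison operators are handled, not all of PEP 440.

```python
import operator
import re

# Constructed sample; the project's real requirements.txt is not shown on this page.
SAMPLE = """\
flask
werkzeug
werkzeug!=2.3.0
werkzeug>=2.3.1  # floor above the release the reviewer wants to avoid
Werkzeug==2.3.0
"""
KNOWN_BAD = {"werkzeug": ["2.3.0"]}  # the version named in the review comment

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
CLAUSE = re.compile(r"^(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")

def ver(text, width=6):
    """Plain numeric release 'X.Y.Z' as a zero-padded tuple, so 2.3 equals 2.3.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def parse(line):
    """Return (normalized name, [(operator, version tuple), ...]) for one requirement."""
    spec = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comment and marker
    m = LINE.match(spec)
    if not m:
        raise ValueError(f"not a requirement: {line!r}")
    name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
    clauses = []
    for part in filter(None, (p.strip() for p in m.group(2).split(","))):
        c = CLAUSE.match(part)
        if not c:  # ~=, wildcards, pre-releases: refuse rather than guess
            raise ValueError(f"unsupported clause {part!r} in {line!r}")
        clauses.append((c.group(1), ver(c.group(2))))
    return name, clauses

def audit(text, known_bad=KNOWN_BAD):
    """Per line: (line, 'floating' | 'bounded' | 'pinned', known-bad versions still admitted)."""
    report = []
    for line in filter(None, (l.split("#", 1)[0].strip() for l in text.splitlines())):
        name, clauses = parse(line)
        kind = ("floating" if not clauses else
                "pinned" if any(op == "==" for op, _ in clauses) else "bounded")
        admitted = [v for v in known_bad.get(name, [])
                    if all(OPS[op](ver(v), want) for op, want in clauses)]
        report.append((line, kind, admitted))
    return report
```

On the sample, the bare `werkzeug` line and the `==2.3.0` pin both admit 2.3.0, while `!=2.3.0` and `>=2.3.1` exclude it without freezing the dependency to a single release.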