Removed EOL Python3.5 & bumped urllib3 ver to patch security vulnerability. #533
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Djcarrillo6
requested review from
VachaShah,
dblock,
harshavamsi,
axeoman,
deztructor,
Shephalimittal,
saimedhi and
florianvazelle
as code owners
Codecov Report
@@ Coverage Diff @@
## main #533 +/- ##
==========================================
- Coverage 70.72% 70.64% -0.08%
==========================================
Files 83 83
Lines 7852 7852
==========================================
- Hits 5553 5547 -6
- Misses 2299 2305 +6 |
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
cc87388 to
740368a
Compare
saimedhi
requested changes
Oct 12, 2023
There was a problem hiding this comment.
Thank you, @Djcarrillo6. Please correct changelog entry - PR number. And the rest all looks good to me.
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
740368a to
d304d34
Compare
|
Adjusted the CHANGELOG, thanks for the helpful guidance @saimedhi!! 🙏 |
saimedhi
previously approved these changes
Oct 12, 2023
|
@VachaShah, @dblock please take a look. |
dblock
requested changes
Oct 12, 2023
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
d304d34 to
373f616
Compare
dblock
reviewed
Oct 12, 2023
CHANGELOG.md
Outdated
| @@ -66,6 +67,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) | |||
| ### Deprecated | |||
| ### Removed | |||
| - Removed support for Python 2.7 ([#421](https://github.com/opensearch-project/opensearch-py/pull/421)) | |||
| - Removed support for Python 3.5 [#533](https://github.com/opensearch-project/opensearch-py/pull/533) | |||
There was a problem hiding this comment.
Missing parenthesis around the PR number to match the other changelog lines, same in the one above.
…erability Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Updated CHANGELOG with pull # Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Updated CHANGELOG with pull # Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Updated CHANGELOG removed section. Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Updated CHANGELOG removed section again Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com>
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
373f616 to
1917afc
Compare
dblock
approved these changes
Oct 12, 2023
saimedhi
approved these changes
Oct 12, 2023
Djcarrillo6
added a commit
to Djcarrillo6/opensearch-py
that referenced
this pull request
Oct 14, 2023
Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Updated CHANGELOG Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Updated CHANGELOG & link to sample. Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> updated changelog (opensearch-project#522) Signed-off-by: saimedhi <saimedhi@amazon.com> Bump version to 2.3.2 (opensearch-project#524) Signed-off-by: saimedhi <saimedhi@amazon.com> Fix: typos. (opensearch-project#526) * Fix: typo. Signed-off-by: dblock <dblock@amazon.com> * Fix: typo. Signed-off-by: dblock <dblock@amazon.com> * Fixed its. Signed-off-by: dblock <dblock@amazon.com> * Added Visual Code settings to .gitignore. Signed-off-by: dblock <dblock@amazon.com> * Added loop type for async client. Signed-off-by: dblock <dblock@amazon.com> --------- Signed-off-by: dblock <dblock@amazon.com> Modified generator to generate api deprecation warnings (opensearch-project#527) Signed-off-by: saimedhi <saimedhi@amazon.com> Generate cat client from API specs (opensearch-project#529) Signed-off-by: saimedhi <saimedhi@amazon.com> Generate cluster client from API specs (opensearch-project#530) Signed-off-by: saimedhi <saimedhi@amazon.com> Added new guide & sample module for using index templates. (opensearch-project#531) Added index_template guide and sample Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Removed EOL Python3.5 & bumped urllib3 version to patch security vulnerability (opensearch-project#533) Updated CHANGELOG with pull # Updated CHANGELOG with pull # Updated CHANGELOG removed section. Updated CHANGELOG removed section again Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Align pool_maxsize for different connection pool implementations. (opensearch-project#535) * Align pool_maxsize for different connection pool implementations. Signed-off-by: dblock <dblock@amazon.com> * Document connection classes and settings. Signed-off-by: dblock <dblock@amazon.com> * Undo change in async for backwards compatibility. Signed-off-by: dblock <dblock@amazon.com> * Fix: typo. Signed-off-by: dblock <dblock@amazon.com> --------- Signed-off-by: dblock <dblock@amazon.com> Add micro benchmarks. (opensearch-project#537) * Align pool_maxsize for different connection pool implementations. Signed-off-by: dblock <dblock@amazon.com> * Added benchmarks. Signed-off-by: dblock <dblock@amazon.com> * Multi-threaded vs. async benchmarks. Signed-off-by: dblock <dblock@amazon.com> * Set pool size to the number of threads. Signed-off-by: dblock <dblock@amazon.com> * Added sync/async benchmark. Signed-off-by: dblock <dblock@amazon.com> * Report client-side latency. Signed-off-by: dblock <dblock@amazon.com> * Various updates to benchmarks, demonstrating threading improves throughput. Signed-off-by: dblock <dblock@amazon.com> * Bench info. Signed-off-by: dblock <dblock@amazon.com> * Fixup format. Signed-off-by: dblock <dblock@amazon.com> * Undo async maxsize. Signed-off-by: dblock <dblock@amazon.com> * Moved benchmarks folder. Signed-off-by: dblock <dblock@amazon.com> * Updated documentation and project description. Signed-off-by: dblock <dblock@amazon.com> --------- Signed-off-by: dblock <dblock@amazon.com>
roma2023
pushed a commit
to roma2023/opensearch-py
that referenced
this pull request
Dec 28, 2023
…erability (opensearch-project#533) Updated CHANGELOG with pull # Updated CHANGELOG with pull # Updated CHANGELOG removed section. Updated CHANGELOG removed section again Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Signed-off-by: roma2023 <romasaparhan19@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The security vulnerability was detected in the package
urllib3, and the fix necessitates an upgrade tourllib3version 1.26.17. However, this upgrade is not compatible with Python version 3.5. As a consequence, this PR removes Python 3.5 references from noxfile.pyand .github/workflows/test.yml.The primary reason for removing Python 3.5, an End-of-Life version which can be referenced here, is to ensure the application's security and accommodate the updated urllib3 version.
Issues Resolved
This PR addresses high severity security vulnerability issue #532
This PR also meets one of the items in issue #430
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.