build(python): bump project dependencies #1728
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
laurent-laporte-pro
force-pushed
the
feature/1724-upgrade-python-dependencies
branch
2 times, most recently
from
e625f58 to
3998b08
Compare
laurent-laporte-pro
force-pushed
the
feature/1724-upgrade-python-dependencies
branch
from
3998b08 to
9327e30
Compare
laurent-laporte-pro
force-pushed
the
feature/1724-upgrade-python-dependencies
branch
from
9327e30 to
a9a2b9f
Compare
This was referenced Dec 8, 2023
Merged
laurent-laporte-pro
force-pushed
the
feature/1724-upgrade-python-dependencies
branch
from
fcf6a87 to
4ff6734
Compare
flomnes
reviewed
Apr 29, 2024
laurent-laporte-pro
force-pushed
the
feature/1724-upgrade-python-dependencies
branch
from
4ff6734 to
8b1753c
Compare
MartinBelthle
force-pushed
the
feature/1724-upgrade-python-dependencies
branch
from
a1275c8 to
92f9e96
Compare
MartinBelthle
changed the title
|
Sonar raises a Security issue concerning the code |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
antarest/tools/lib.py
Outdated
| self.session = session or Session() | ||
| self.session.verify = False | ||
| # Setting verify to `False` may be useful during local development or testing. | ||
| self.session = session or Client(verify=False) |
Check failure
Code scanning / SonarCloud
Server certificates should be verified during SSL/TLS connections High
…ython-dependencies Signed-off-by: Sylvain Leclerc <[email protected]>
- improve checker to skip licensed subfolders - remove some wrong copyrights from forked projects Signed-off-by: Sylvain Leclerc <[email protected]>
…ython-dependencies Signed-off-by: Sylvain Leclerc <[email protected]>
Signed-off-by: Sylvain Leclerc <[email protected]>
…tion Signed-off-by: Sylvain Leclerc <[email protected]>
Signed-off-by: Sylvain Leclerc <[email protected]>
otherwise options such as populate_by_name are not correctly taken into account Signed-off-by: Sylvain Leclerc <[email protected]>
Signed-off-by: Sylvain Leclerc <[email protected]>
sylvlecl
force-pushed
the
feature/1724-upgrade-python-dependencies
branch
from
431bb60 to
f332df1
Compare
Distinguish root_path and api_prefix. root_path is to be used when a proxy prepends a prefix for the client, api_prefix is to be used when we want our server itself to prepend a prefix. Signed-off-by: Sylvain Leclerc <[email protected]>
Signed-off-by: Sylvain Leclerc <[email protected]>
Signed-off-by: Sylvain Leclerc <[email protected]>
sylvlecl
approved these changes
Sep 12, 2024
For this, although it's in the CLI tool, I preferred to really solve the issue by letting the command line user take the responsibility of disabling SSL certification, through a new argument |
maugde
pushed a commit
that referenced
this pull request
Sep 26, 2024
bumps main projection dependencies: - `pydantic` from 1.9 to 2.8: huge breaking change but with large performance benefits expected on serialization - `fastapi` from 0.73 to 0.110 - `uvicorn` from to 0.15 to 0.30 - `mypy` from 1.4 to 1.11 It also brings few changes inside dependencies - Drop `requests` in favor of `httpx` - Drop `fastapi-jwt-auth` as they do not and will not support pydantic v2. We've decided to fork their code and adapt it as it's really light (see new folder `/antarest/fastapi_jwt_auth`) These changes also induced other minor dependencies bump: `jinja2`, `typing_extensions`, `PyJWT`, `python-multipart` Last, this work includes fixes on the API prefix addition when running in standalone mode (desktop version). We now distinguish properties root_path (used when behind a proxy) and api_prefix (which actually makes our server add a prefix). Co-authored-by: belthlemar <[email protected]> Co-authored-by: Sylvain Leclerc <[email protected]>
maugde
pushed a commit
that referenced
this pull request
Sep 26, 2024
bumps main projection dependencies: - `pydantic` from 1.9 to 2.8: huge breaking change but with large performance benefits expected on serialization - `fastapi` from 0.73 to 0.110 - `uvicorn` from to 0.15 to 0.30 - `mypy` from 1.4 to 1.11 It also brings few changes inside dependencies - Drop `requests` in favor of `httpx` - Drop `fastapi-jwt-auth` as they do not and will not support pydantic v2. We've decided to fork their code and adapt it as it's really light (see new folder `/antarest/fastapi_jwt_auth`) These changes also induced other minor dependencies bump: `jinja2`, `typing_extensions`, `PyJWT`, `python-multipart` Last, this work includes fixes on the API prefix addition when running in standalone mode (desktop version). We now distinguish properties root_path (used when behind a proxy) and api_prefix (which actually makes our server add a prefix). Co-authored-by: belthlemar <[email protected]> Co-authored-by: Sylvain Leclerc <[email protected]>
maugde
pushed a commit
that referenced
this pull request
Sep 26, 2024
bumps main projection dependencies: - `pydantic` from 1.9 to 2.8: huge breaking change but with large performance benefits expected on serialization - `fastapi` from 0.73 to 0.110 - `uvicorn` from to 0.15 to 0.30 - `mypy` from 1.4 to 1.11 It also brings few changes inside dependencies - Drop `requests` in favor of `httpx` - Drop `fastapi-jwt-auth` as they do not and will not support pydantic v2. We've decided to fork their code and adapt it as it's really light (see new folder `/antarest/fastapi_jwt_auth`) These changes also induced other minor dependencies bump: `jinja2`, `typing_extensions`, `PyJWT`, `python-multipart` Last, this work includes fixes on the API prefix addition when running in standalone mode (desktop version). We now distinguish properties root_path (used when behind a proxy) and api_prefix (which actually makes our server add a prefix). Co-authored-by: belthlemar <[email protected]> Co-authored-by: Sylvain Leclerc <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Martin:
This PR aims at bumping several project dependencies:
pydanticfrom 1.9.0 to 2.8.2fastapifrom 0.73.0 to 0.110.3uvicornfrom to 0.15.0 to 0.30.6mypyfrom 1.4.1 to 1.11.1It also brings few changes inside dependencies
requestsin favor ofhttpxfastapi-jwt-authas they do not and will not support pydantic v2. We've decided to copy their code and adapt it as it's really light (see new folder/antarest/fastapi_jwt_auth)These changes also induced other minor dependencies bump:
jinja2,typing_extensions,PyJWT,python-multipart