Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FE-231 upgrade aiohttp to 3.9.4 #337

Merged
merged 14 commits into from
Jun 5, 2024
Merged

FE-231 upgrade aiohttp to 3.9.4 #337

merged 14 commits into from
Jun 5, 2024

Conversation

bahill
Copy link
Contributor

@bahill bahill commented May 30, 2024
edited
Loading

Why

FE-231

The library aiohttp has a high severity vulnerability that could lead to denial of service attacks against the service. This vulnerability has been fixed in version 3.9.4.

The version found in import service is 3.9.2.

This PR

Sets the aiohttp version to 3.9.4.
Pytests were run locally, and are run when this PR is opened to merge to main.
note that the e2e tests are currently disabled
The updated image was deployed to dev and the validation pipeline was run to prove that this did not break our ability to reach the Dagster repository.
Smoke tests will also be run on prod after deploy, if they fail, the last known good image will be deployed.

Checklist

  • Documentation has been updated as needed.

@bahill bahill marked this pull request as ready for review May 30, 2024 17:49
ahaessly
ahaessly approved these changes May 30, 2024
View reviewed changes
Copy link

@ahaessly ahaessly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@bahill bahill requested a review from aherbst-broad June 4, 2024 15:14
@bahill bahill requested a review from ahaessly June 4, 2024 17:27
aherbst-broad
aherbst-broad approved these changes Jun 4, 2024
View reviewed changes
Copy link
Contributor

@aherbst-broad aherbst-broad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much simpler 👍

ahaessly
ahaessly approved these changes Jun 4, 2024
View reviewed changes
Copy link

@ahaessly ahaessly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@bahill bahill merged commit eef9c3a into main Jun 5, 2024
1 check passed
@bahill bahill deleted the FE-231-upgrade-aiohttp-to-3.9.4 branch June 5, 2024 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aherbst-broad aherbst-broad aherbst-broad approved these changes

@ahaessly ahaessly ahaessly approved these changes

@kilonzi kilonzi Awaiting requested review from kilonzi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bahill @ahaessly @aherbst-broad