Removed EOL Python3.5 & bumped urllib3 ver to patch security vulnerability. #533
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Djcarrillo6
requested review from
VachaShah,
dblock,
harshavamsi,
axeoman,
deztructor,
Shephalimittal,
saimedhi and
florianvazelle
as code owners
Codecov Report
@@ Coverage Diff @@
## main #533 +/- ##
==========================================
- Coverage 70.72% 70.64% -0.08%
==========================================
Files 83 83
Lines 7852 7852
==========================================
- Hits 5553 5547 -6
- Misses 2299 2305 +6 |
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
cc87388 to
740368a
Compare
saimedhi
requested changes
Oct 12, 2023
There was a problem hiding this comment.
Thank you, @Djcarrillo6. Please correct changelog entry - PR number. And the rest all looks good to me.
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
740368a to
d304d34
Compare
|
Adjusted the CHANGELOG, thanks for the helpful guidance @saimedhi!! 🙏 |
saimedhi
previously approved these changes
Oct 12, 2023
|
@VachaShah, @dblock please take a look. |
dblock
requested changes
Oct 12, 2023
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
d304d34 to
373f616
Compare
dblock
reviewed
Oct 12, 2023
CHANGELOG.md
Outdated
| @@ -66,6 +67,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) | |||
| ### Deprecated | |||
| ### Removed | |||
| - Removed support for Python 2.7 ([#421](https://github.com/opensearch-project/opensearch-py/pull/421)) | |||
| - Removed support for Python 3.5 [#533](https://github.com/opensearch-project/opensearch-py/pull/533) | |||
There was a problem hiding this comment.
Missing parenthesis around the PR number to match the other changelog lines, same in the one above.
…erability Signed-off-by: Djcarrillo6 <[email protected]> Updated CHANGELOG with pull # Signed-off-by: Djcarrillo6 <[email protected]> Updated CHANGELOG with pull # Signed-off-by: Djcarrillo6 <[email protected]> Updated CHANGELOG removed section. Signed-off-by: Djcarrillo6 <[email protected]> Updated CHANGELOG removed section again Signed-off-by: Djcarrillo6 <[email protected]>
Djcarrillo6
force-pushed
the
fix/issue#532/bump-urllib3-latest-version
branch
from
373f616 to
1917afc
Compare
dblock
approved these changes
Oct 12, 2023
saimedhi
approved these changes
Oct 12, 2023
Djcarrillo6
added a commit
to Djcarrillo6/opensearch-py
that referenced
this pull request
Oct 14, 2023
Signed-off-by: Djcarrillo6 <[email protected]> Updated CHANGELOG Signed-off-by: Djcarrillo6 <[email protected]> Updated CHANGELOG & link to sample. Signed-off-by: Djcarrillo6 <[email protected]> updated changelog (opensearch-project#522) Signed-off-by: saimedhi <[email protected]> Bump version to 2.3.2 (opensearch-project#524) Signed-off-by: saimedhi <[email protected]> Fix: typos. (opensearch-project#526) * Fix: typo. Signed-off-by: dblock <[email protected]> * Fix: typo. Signed-off-by: dblock <[email protected]> * Fixed its. Signed-off-by: dblock <[email protected]> * Added Visual Code settings to .gitignore. Signed-off-by: dblock <[email protected]> * Added loop type for async client. Signed-off-by: dblock <[email protected]> --------- Signed-off-by: dblock <[email protected]> Modified generator to generate api deprecation warnings (opensearch-project#527) Signed-off-by: saimedhi <[email protected]> Generate cat client from API specs (opensearch-project#529) Signed-off-by: saimedhi <[email protected]> Generate cluster client from API specs (opensearch-project#530) Signed-off-by: saimedhi <[email protected]> Added new guide & sample module for using index templates. (opensearch-project#531) Added index_template guide and sample Signed-off-by: Djcarrillo6 <[email protected]> Removed EOL Python3.5 & bumped urllib3 version to patch security vulnerability (opensearch-project#533) Updated CHANGELOG with pull # Updated CHANGELOG with pull # Updated CHANGELOG removed section. Updated CHANGELOG removed section again Signed-off-by: Djcarrillo6 <[email protected]> Align pool_maxsize for different connection pool implementations. (opensearch-project#535) * Align pool_maxsize for different connection pool implementations. Signed-off-by: dblock <[email protected]> * Document connection classes and settings. Signed-off-by: dblock <[email protected]> * Undo change in async for backwards compatibility. Signed-off-by: dblock <[email protected]> * Fix: typo. Signed-off-by: dblock <[email protected]> --------- Signed-off-by: dblock <[email protected]> Add micro benchmarks. (opensearch-project#537) * Align pool_maxsize for different connection pool implementations. Signed-off-by: dblock <[email protected]> * Added benchmarks. Signed-off-by: dblock <[email protected]> * Multi-threaded vs. async benchmarks. Signed-off-by: dblock <[email protected]> * Set pool size to the number of threads. Signed-off-by: dblock <[email protected]> * Added sync/async benchmark. Signed-off-by: dblock <[email protected]> * Report client-side latency. Signed-off-by: dblock <[email protected]> * Various updates to benchmarks, demonstrating threading improves throughput. Signed-off-by: dblock <[email protected]> * Bench info. Signed-off-by: dblock <[email protected]> * Fixup format. Signed-off-by: dblock <[email protected]> * Undo async maxsize. Signed-off-by: dblock <[email protected]> * Moved benchmarks folder. Signed-off-by: dblock <[email protected]> * Updated documentation and project description. Signed-off-by: dblock <[email protected]> --------- Signed-off-by: dblock <[email protected]>
roma2023
pushed a commit
to roma2023/opensearch-py
that referenced
this pull request
Dec 28, 2023
…erability (opensearch-project#533) Updated CHANGELOG with pull # Updated CHANGELOG with pull # Updated CHANGELOG removed section. Updated CHANGELOG removed section again Signed-off-by: Djcarrillo6 <[email protected]> Signed-off-by: roma2023 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The security vulnerability was detected in the package
urllib3, and the fix necessitates an upgrade tourllib3version 1.26.17. However, this upgrade is not compatible with Python version 3.5. As a consequence, this PR removes Python 3.5 references from noxfile.pyand .github/workflows/test.yml.The primary reason for removing Python 3.5, an End-of-Life version which can be referenced here, is to ensure the application's security and accommodate the updated urllib3 version.
Issues Resolved
This PR addresses high severity security vulnerability issue #532
This PR also meets one of the items in issue #430
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.