
Removed EOL Python3.5 & bumped urllib3 ver to patch security vulnerability. #533

Conversation

Djcarrillo6 (Contributor)

Description

The security vulnerability was detected in the package urllib3, and the fix necessitates an upgrade to urllib3 version 1.26.17. However, this upgrade is not compatible with Python version 3.5. As a consequence, this PR removes Python 3.5 references from noxfile.py and .github/workflows/test.yml.
The primary reason for removing Python 3.5, an End-of-Life version which can be referenced here, is to ensure the application's security and accommodate the updated urllib3 version.

Issues Resolved

This PR addresses high severity security vulnerability issue #532
This PR also meets one of the items in issue #430

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
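As an added example (not code from this PR or the opensearch-py project), a small pre-merge check for the two things this PR changes: that a dependency line actually enforces the urllib3 floor of 1.26.17, and that no EOL interpreter is left in a test matrix of the kind kept in noxfile.py or test.yml. The requirement strings and the version matrix below are constructed for illustration, not taken from the project's files.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Floor this PR raises urllib3 to, per its description (the page names no CVE id).
URLLIB3_FLOOR = "1.26.17"
# Interpreter the PR drops from noxfile.py and .github/workflows/test.yml.
EOL_PYTHONS = {"3.5"}

def parse_version(v: str) -> Tuple[int, ...]:
    """'1.26.17' -> (1, 26, 17). A pre-release tail such as 'rc1' is ignored."""
    parts: List[int] = []
    for piece in v.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def urllib3_floor_ok(requirement: str, floor: str = URLLIB3_FLOOR) -> bool:
    """True if a requirement line such as 'urllib3>=1.26.17,<2' cannot resolve
    below `floor`. Only '>=', '==' and '~=' count as raising the floor; an
    unpinned 'urllib3', or only '<' / '!=' clauses, leave the vulnerable range open."""
    m = re.match(r"\s*urllib3(?![\w.-])\s*(\[[^\]]*\])?\s*(.*)$", requirement)
    if not m:
        return False
    lowest: Optional[Tuple[int, ...]] = None
    for spec in m.group(2).split(","):
        spec = spec.strip()
        for op in (">=", "==", "~="):
            if spec.startswith(op):
                candidate = parse_version(spec[len(op):])
                if lowest is None or candidate > lowest:
                    lowest = candidate
    return lowest is not None and lowest >= parse_version(floor)

def eol_in_matrix(python_versions: Iterable[str], eol: Iterable[str] = EOL_PYTHONS) -> List[str]:
    """Return the interpreter versions in a CI or nox matrix that are in the EOL set.
    Versions are compared as strings, so quote them in YAML ('3.10', not 3.10)."""
    eol_set = set(eol)
    return sorted(v for v in python_versions if str(v) in eol_set)

if __name__ == "__main__":
    # Constructed inputs, not the project's actual files.
    print(urllib3_floor_ok("urllib3>=1.21.1, <2"), urllib3_floor_ok("urllib3>=1.26.17, <2"))
    print(eol_in_matrix(["3.5", "3.6", "3.7", "3.8", "3.9", "3.10", "3.11"]))
```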

@codecov

codecov bot commented Oct 12, 2023

Codecov Report

Merging #533 (1917afc) into main (84ac172) will decrease coverage by 0.08%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #533      +/-   ##
==========================================
- Coverage   70.72%   70.64%   -0.08%     
==========================================
  Files          83       83              
  Lines        7852     7852              
==========================================
- Hits         5553     5547       -6     
- Misses       2299     2305       +6     

see 2 files with indirect coverage changes

@Djcarrillo6 Djcarrillo6 force-pushed the fix/issue#532/bump-urllib3-latest-version branch from cc87388 to 740368a Compare October 12, 2023 02:54
@saimedhi (Collaborator) left a comment

Thank you, @Djcarrillo6. Please correct the changelog entry (PR number). The rest all looks good to me.

@Djcarrillo6 Djcarrillo6 force-pushed the fix/issue#532/bump-urllib3-latest-version branch from 740368a to d304d34 Compare October 12, 2023 03:39
@Djcarrillo6 (Contributor, Author)

Adjusted the CHANGELOG, thanks for the helpful guidance @saimedhi!! 🙏

saimedhi previously approved these changes Oct 12, 2023

@saimedhi (Collaborator)

@VachaShah, @dblock please take a look.

@Djcarrillo6 Djcarrillo6 force-pushed the fix/issue#532/bump-urllib3-latest-version branch from d304d34 to 373f616 Compare October 12, 2023 20:51
CHANGELOG.md Outdated
@@ -66,6 +67,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
### Deprecated
### Removed
- Removed support for Python 2.7 ([#421](https://github.com/opensearch-project/opensearch-py/pull/421))
- Removed support for Python 3.5 [#533](https://github.com/opensearch-project/opensearch-py/pull/533)
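Review bot: The new Python 3.5 entry omits the parentheses around the PR link that the Python 2.7 line directly above it uses; write it as `- Removed support for Python 3.5 ([#533](https://github.com/opensearch-project/opensearch-py/pull/533))` so the Removed section stays consistent. Since this PR also raises the urllib3 floor to 1.26.17 for a security fix, a matching changelog entry for that dependency bump would make the security-relevant change visible in the release notes rather than only the interpreter removal.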
@dblock (Member) commented Oct 12, 2023
Missing parenthesis around the PR number to match the other changelog lines, same in the one above.

…erability

Signed-off-by: Djcarrillo6 <[email protected]>

Updated CHANGELOG with pull #

Signed-off-by: Djcarrillo6 <[email protected]>

Updated CHANGELOG with pull #

Signed-off-by: Djcarrillo6 <[email protected]>

Updated CHANGELOG removed section.

Signed-off-by: Djcarrillo6 <[email protected]>

Updated CHANGELOG removed section again

Signed-off-by: Djcarrillo6 <[email protected]>
@Djcarrillo6 Djcarrillo6 force-pushed the fix/issue#532/bump-urllib3-latest-version branch from 373f616 to 1917afc Compare October 12, 2023 20:54
@saimedhi saimedhi merged commit 62b408b into opensearch-project:main Oct 12, 2023
52 of 53 checks passed
Djcarrillo6 added a commit to Djcarrillo6/opensearch-py that referenced this pull request Oct 14, 2023
Signed-off-by: Djcarrillo6 <[email protected]>

Updated CHANGELOG

Signed-off-by: Djcarrillo6 <[email protected]>

Updated CHANGELOG & link to sample.

Signed-off-by: Djcarrillo6 <[email protected]>

updated changelog (opensearch-project#522)

Signed-off-by: saimedhi <[email protected]>

Bump version to 2.3.2 (opensearch-project#524)

Signed-off-by: saimedhi <[email protected]>

Fix: typos. (opensearch-project#526)

* Fix: typo.

Signed-off-by: dblock <[email protected]>

* Fix: typo.

Signed-off-by: dblock <[email protected]>

* Fixed its.

Signed-off-by: dblock <[email protected]>

* Added Visual Code settings to .gitignore.

Signed-off-by: dblock <[email protected]>

* Added loop type for async client.

Signed-off-by: dblock <[email protected]>

---------

Signed-off-by: dblock <[email protected]>

Modified generator to generate api deprecation warnings (opensearch-project#527)

Signed-off-by: saimedhi <[email protected]>

Generate cat client from API specs (opensearch-project#529)

Signed-off-by: saimedhi <[email protected]>

Generate cluster client from API specs (opensearch-project#530)

Signed-off-by: saimedhi <[email protected]>

Added new guide & sample module for using index templates. (opensearch-project#531)

Added index_template guide and sample

Signed-off-by: Djcarrillo6 <[email protected]>

Removed EOL Python3.5 & bumped urllib3 version to patch security vulnerability (opensearch-project#533)

Updated CHANGELOG with pull #

Updated CHANGELOG with pull #

Updated CHANGELOG removed section.

Updated CHANGELOG removed section again

Signed-off-by: Djcarrillo6 <[email protected]>

Align pool_maxsize for different connection pool implementations. (opensearch-project#535)

* Align pool_maxsize for different connection pool implementations.

Signed-off-by: dblock <[email protected]>

* Document connection classes and settings.

Signed-off-by: dblock <[email protected]>

* Undo change in async for backwards compatibility.

Signed-off-by: dblock <[email protected]>

* Fix: typo.

Signed-off-by: dblock <[email protected]>

---------

Signed-off-by: dblock <[email protected]>

Add micro benchmarks. (opensearch-project#537)

* Align pool_maxsize for different connection pool implementations.

Signed-off-by: dblock <[email protected]>

* Added benchmarks.

Signed-off-by: dblock <[email protected]>

* Multi-threaded vs. async benchmarks.

Signed-off-by: dblock <[email protected]>

* Set pool size to the number of threads.

Signed-off-by: dblock <[email protected]>

* Added sync/async benchmark.

Signed-off-by: dblock <[email protected]>

* Report client-side latency.

Signed-off-by: dblock <[email protected]>

* Various updates to benchmarks, demonstrating threading improves throughput.

Signed-off-by: dblock <[email protected]>

* Bench info.

Signed-off-by: dblock <[email protected]>

* Fixup format.

Signed-off-by: dblock <[email protected]>

* Undo async maxsize.

Signed-off-by: dblock <[email protected]>

* Moved benchmarks folder.

Signed-off-by: dblock <[email protected]>

* Updated documentation and project description.

Signed-off-by: dblock <[email protected]>

---------

Signed-off-by: dblock <[email protected]>
roma2023 pushed a commit to roma2023/opensearch-py that referenced this pull request Dec 28, 2023
…erability (opensearch-project#533)

Updated CHANGELOG with pull #

Updated CHANGELOG with pull #

Updated CHANGELOG removed section.

Updated CHANGELOG removed section again

Signed-off-by: Djcarrillo6 <[email protected]>
Signed-off-by: roma2023 <[email protected]>