Skip to content

Upgrade requests to 2.32.3 and adds a license validation override to ddev#17702

Merged
steveny91 merged 11 commits intomasterfrom
lenaic/upgrade-requests
Jun 7, 2024
Merged

Upgrade requests to 2.32.3 and adds a license validation override to ddev#17702
steveny91 merged 11 commits intomasterfrom
lenaic/upgrade-requests

Conversation

@L3n41c
Copy link
Member

@L3n41c L3n41c commented Jun 1, 2024

What does this PR do?

This PR upgrades requests to the latest version to fix a CVE.

Motivation

This changelog.

Additional Notes

  • Fixes DataDog/image-vuln-scans#1488

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Changelog entries must be created for modifications to shipped code
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@L3n41c L3n41c requested a review from a team as a code owner June 1, 2024 18:16
@L3n41c
Copy link
Member Author

L3n41c commented Jun 1, 2024

The CI tests are currently broken because of msabramo/requests-unixsocket#73.
Here is the (not yet merged) fix: msabramo/requests-unixsocket#72.

@steveny91
Copy link
Contributor

steveny91 commented Jun 3, 2024

@L3n41c Hello! Yeah I ran into the same issue. Seems like the project hasn't been updated in a while and there's currently a fork out in pypi with the changes in your linked pr. I've tried adding that new unisocket module and bumping request to see if CI can work:

#17646

@github-actions
Copy link

github-actions bot commented Jun 3, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@L3n41c L3n41c force-pushed the lenaic/upgrade-requests branch from a777683 to c854d42 Compare June 3, 2024 15:23
@github-actions
Copy link

github-actions bot commented Jun 3, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@L3n41c
Copy link
Member Author

L3n41c commented Jun 3, 2024

Hi @steveny91,
I initially hoped to see msabramo/requests-unixsocket#72 eventually merged.
But if it lasts too long, we can indeed switch to the fork: c854d42
But the CI is still in bad shape. This time, I think it’s because of this license issue on Pypi:
image
image

@steveny91
Copy link
Contributor

steveny91 commented Jun 4, 2024

@L3n41c Yeah I was also hoping they'd get that merged in as well. But I'll try to solve the license issue with the fork this week and get his through by next week.

@L3n41c
Copy link
Member Author

L3n41c commented Jun 4, 2024

FWIW, I’ve filed this issue about the license: https://gitlab.com/thelabnyc/requests-unixsocket2/-/issues/4.

@steveny91
Copy link
Contributor

steveny91 commented Jun 7, 2024

@L3n41c #17769 should fix the license issue.

steveny91
steveny91 reviewed Jun 7, 2024
View reviewed changes
steveny91
steveny91 reviewed Jun 7, 2024
View reviewed changes
@L3n41c @steveny91
Apply suggestions from code review
093375a 
Co-authored-by: Steven Yuen <steven.yuen@datadoghq.com>
@github-actions
Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@L3n41c
Merge branch 'sy/update-license-unixsocket' of ssh://github.com/DataD…
9c63c1f 
…og/integrations-core into lenaic/upgrade-requests
@codecov
Copy link

codecov bot commented Jun 7, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.51%. Comparing base (f3533fe) to head (4ad4cfa).
Report is 3 commits behind head on master.

Additional details and impacted files
Flag Coverage Δ
active_directory ?
activemq ?
activemq_xml ?
amazon_msk ?
ambari ?
apache ?
arangodb ?
argo_rollouts ?
argo_workflows ?
argocd ?
aspdotnet ?
avi_vantage ?
azure_iot_edge ?
boundary ?
btrfs ?
cacti ?
calico ?
cassandra ?
cert_manager ?
cisco_aci ?
citrix_hypervisor ?
cloud_foundry_api ?
cloudera ?
cockroachdb ?
consul ?
coredns ?
couch ?
crio ?
datadog_checks_base 89.68% <ø> (+0.84%) ⬆️
datadog_checks_dev 77.38% <ø> (+0.07%) ⬆️
datadog_checks_downloader ?
datadog_cluster_agent ?
dcgm ?
ddev ?
directory ?
disk ?
dns_check ?
dotnetclr ?
druid ?
ecs_fargate ?
eks_fargate ?
envoy ?
esxi ?
etcd ?
external_dns ?
fluentd ?
fluxcd ?
foundationdb ?
gearmand ?
gitlab_runner ?
go_expvar ?
gunicorn ?
harbor ?
hazelcast ?
hdfs_datanode ?
hdfs_namenode ?
hive ?
hivemq ?
http_check ?
hudi ?
ibm_db2 ?
ibm_i ?
ibm_mq ?
ibm_was ?
ignite ?
impala ?
istio ?
jboss_wildfly ?
kafka ?
karpenter ?
kong ?
kube_apiserver_metrics ?
kube_controller_manager ?
kube_dns ?
kube_metrics_server ?
kube_proxy ?
kube_scheduler ?
kubelet ?
kubernetes_cluster_autoscaler ?
kubernetes_state ?
kyototycoon ?
lighttpd ?
linkerd ?
linux_proc_extras ?
mapr ?
mapreduce ?
marathon ?
marklogic ?
mcache ?
mesos_master ?
mesos_slave ?
nagios ?
network ?
nfsstat ?
nginx ?
nginx_ingress_controller ?
nvidia_triton ?
openldap ?
openmetrics ?
openstack ?
openstack_controller ?
pgbouncer ?
php_fpm ?
postfix ?
powerdns_recursor ?
presto ?
process ?
prometheus ?
proxysql ?
pulsar ?
ray ?
redisdb ?
rethinkdb ?
riak ?
riakcs ?
silk ?
singlestore ?
snowflake ?
solr ?
spark ?
squid ?
statsd ?
strimzi ?
supervisord ?
system_core ?
system_swap ?
tcp_check ?
teamcity ?
tekton ?
teleport ?
temporal ?
teradata ?
tls ?
tokumx ?
torchserve ?
traefik_mesh ?
traffic_server ?
twemproxy ?
twistlock ?
varnish ?
vault ?
voltdb ?
vsphere ?
weaviate ?
win32_event_log ?
wmi_check ?
yarn ?
zk ?

Flags with carried forward coverage won't be shown. Click here to find out more.

@github-actions
Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@github-actions
Copy link

github-actions bot commented Jun 7, 2024

The validations job has failed; please review the Files changed tab for possible suggestions to resolve.

@steveny91 steveny91 changed the title Upgrade requests to 2.32.3 Upgrade requests to 2.32.3 and adds a license validation override to ddev Jun 7, 2024
@steveny91 steveny91 merged commit e1e61e5 into master Jun 7, 2024
@steveny91 steveny91 deleted the lenaic/upgrade-requests branch June 7, 2024 21:00
datadog-agent-integrations-bot bot pushed a commit that referenced this pull request Jun 7, 2024
@L3n41c @steveny91 @github-actions
Upgrade requests to 2.32.3 and adds a license validation override…
407707a 
… to ddev (#17702)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <steven.yuen@datadoghq.com>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <steven.yuen@datadoghq.com>
(cherry picked from commit e1e61e5)
@datadog-agent-integrations-bot datadog-agent-integrations-bot bot mentioned this pull request Jun 7, 2024
Merged
4 tasks
github-actions bot pushed a commit that referenced this pull request Jun 7, 2024
@steveny91
Upgrade requests to 2.32.3 and adds a license validation override…
784fac6 
… to ddev (#17702)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <steven.yuen@datadoghq.com>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <steven.yuen@datadoghq.com> e1e61e5
steveny91 pushed a commit that referenced this pull request Jun 10, 2024
@datadog-agent-integrations-bot @L3n41c
Upgrade requests to 2.32.3 and adds a license validation override…
8102453 
… to ddev (#17702) (#17776)

* Upgrade `requests` to `2.32.3`

* Add changelog entry

* Bump the `requests-unixsocket` version to requests-unixsocket2==0.4.0

in order to get the following fix: msabramo/requests-unixsocket#72

* update license

* changelog

* Apply suggestions from code review

Co-authored-by: Steven Yuen <steven.yuen@datadoghq.com>

* Regenerate LICENSE-3rdparty.csv

* conflicts

* sync license

* changelog

---------

Co-authored-by: steveny91 <steven.yuen@datadoghq.com>
(cherry picked from commit e1e61e5)

Co-authored-by: Lénaïc Huard <L3n41c@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steveny91 steveny91 steveny91 left review comments

@Kyle-Neale Kyle-Neale Kyle-Neale approved these changes

Assignees

No one assigned

Labels

backport/7.55.x base_package dependencies dev_package dev/tooling team/agent-integrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@L3n41c @steveny91 @Kyle-Neale