Update versions of packages in poetry.lock for dependabot #412

Merged
merged 8 commits into from
Feb 10, 2023

Conversation

FrankD412
Member

@FrankD412 FrankD412 commented Jan 29, 2023

There have been some recent warnings from dependabot about security issues related to py and setuptools. This MR updates the dependencies so that we are using more recent dependencies. This MR also updates to the most recent poetry-core and updates pytest with a minimum requirement to remove py as a dependency.

NOTE: This MR removes Python 3.7 as a minimum version -- it seems that py is required for anything lower than 3.8. It seems that Python 3.7 is EOL in June, so we're slightly ahead on deprecating it in Maestro.

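A small lock-file audit of the kind this update motivates, added here as an example; it is not Maestro's code and not part of the original thread. The poetry.lock excerpt, the policy floors and the banned-package list are constructed for illustration (the floors echo the certifi, cryptography and sphinx bumps discussed in this thread and its release notes, not any advisory database), and all function names are the example's own:

```python
"""Audit a poetry.lock against a minimum-version policy.

Added example (not the project's code). The lock excerpt and the policy
are constructed; version floors mirror bumps named in this PR thread.
"""
import re
from typing import Dict, List, Tuple

# Constructed poetry.lock excerpt in poetry's [[package]] table format.
SAMPLE_LOCK = """\
[[package]]
name = "certifi"
version = "2021.10.8"
description = "Python package for providing Mozilla's CA Bundle."
category = "main"
optional = false

[[package]]
name = "cryptography"
version = "38.0.3"
description = "cryptographic recipes and primitives"
category = "main"
optional = false

[[package]]
name = "Sphinx"
version = "3.5.4"
description = "Python documentation generator"
category = "dev"
optional = false

[[package]]
name = "py"
version = "1.11.0"
description = "library with cross-python path, ini-parsing, io, code, log"
category = "dev"
optional = false
"""

# Constructed policy: lowest acceptable version per package, plus the reason.
# Assumption: these floors are the ones this thread settled on.
POLICY: Dict[str, Tuple[str, str]] = {
    "certifi": ("2022.12.7", "dependabot security bump (#409)"),
    "cryptography": ("38.0.3", "dependabot security bump (#410)"),
    "sphinx": ("4.2", "needed for docs builds on Python >= 3.10"),
}

# Packages that should no longer appear in the lock at all.
BANNED: Dict[str, str] = {
    "py": "only pulled in by old pytest; dropped by raising the pytest floor",
}


def parse_lock(text: str) -> Dict[str, str]:
    """Return {lower-cased name: version} for every [[package]] table."""
    packages: Dict[str, str] = {}
    for block in re.split(r"^\[\[package\]\]\s*$", text, flags=re.M):
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        version = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and version:
            packages[name.group(1).lower()] = version.group(1)
    return packages


def version_key(v: str) -> Tuple[int, ...]:
    """Numeric tuple for a dotted version; non-numeric segments count as 0."""
    parts = []
    for segment in v.split("."):
        m = re.match(r"\d+", segment)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def below(v: str, floor: str) -> bool:
    """True if v is strictly lower than floor (4.2.0 is not below 4.2)."""
    a, b = version_key(v), version_key(floor)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def audit(lock_text: str) -> List[str]:
    """Return one finding per policy violation; an empty list means clean."""
    findings = []
    pinned = parse_lock(lock_text)
    for name, (floor, why) in POLICY.items():
        v = pinned.get(name)
        if v is not None and below(v, floor):
            findings.append(f"{name} {v} < {floor}: {why}")
    for name, why in BANNED.items():
        if name in pinned:
            findings.append(f"{name} {pinned[name]} present: {why}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCK):
        print(finding)
```

Run against the constructed lock it reports certifi and sphinx below their floors and py still present, while cryptography at exactly its floor passes; wiring the same check into CI beside dependabot turns a "please bump" notification into a failing build until the lock file actually moves.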
@FrankD412 FrankD412 added the dependencies Pull requests that update a dependency file label Jan 29, 2023
@FrankD412 FrankD412 requested a review from jwhite242 January 29, 2023 00:01
@FrankD412 FrankD412 self-assigned this Jan 29, 2023
@FrankD412 FrankD412 force-pushed the security/version_updates branch from 6560847 to 7897637 Compare January 29, 2023 00:13
@doutriaux1
Collaborator

@FrankD412 do you want to remove 3.7 from the test section as well? Or do we want it for testing?

@FrankD412
Member Author

Oh it looks like I missed the second version matrix. I'll fix that. Good catch @doutriaux1

Collaborator

@jwhite242 jwhite242 left a comment

I'd say let's leave 3.7 in here for a while as there are still quite a few users on that version. Also, is it too early to flip the switch on 3.11 in the matrix?

Additionally, be sure and remove fabric from the dev-dependencies in pyproject.toml as well so poetry doesn't try and pick it up again later.

@FrankD412
Member Author

> I'd say let's leave 3.7 in here for a while as there are still quite a few users on that version. Also, is it too early to flip the switch on 3.11 in the matrix?
>
> Additionally, be sure and remove fabric from the dev-dependencies in pyproject.toml as well so poetry doesn't try and pick it up again later.

Alright, removed fabric and re-added 3.7 -- gonna test adding 3.11 to see how that goes.

@FrankD412 FrankD412 requested a review from jwhite242 February 9, 2023 07:55
@jwhite242
Collaborator

OK, looks like we need one last change: update the sphinx version in the lock file to get the rtd builds passing again. The lock file has it at 3.5, and it would appear we need at least > 4.2 to support python >= 3.10. Unsure if there's any reason to pin it to anything earlier than 5.x, but it's not long for the builds anyway, so up to you on the version.

@FrankD412
Member Author

> OK, looks like we need one last change: update the sphinx version in the lock file to get the rtd builds passing again. The lock file has it at 3.5, and it would appear we need at least > 4.2 to support python >= 3.10. Unsure if there's any reason to pin it to anything earlier than 5.x, but it's not long for the builds anyway, so up to you on the version.

All fixed!

@FrankD412 FrankD412 merged commit 51056cc into develop Feb 10, 2023
@FrankD412 FrankD412 deleted the security/version_updates branch February 10, 2023 20:31
jwhite242 added a commit that referenced this pull request Dec 12, 2023
1.1.10 Release (#432)

* Sync up read the docs config with dev environments using poetry (#399)
* Print usage on command line when no args are provided (#404)
* Add sacct fallback to slurm adapter to improve robustness of job tracking (#405)
* Update Flurm Job State mappings for flux versions >= 0.26 (#407)
* Bump certifi from 2021.10.8 to 2022.12.7 to address security issue (#409)
* Bump cryptography from 37.0.1 to 38.0.3 to address security issue (#410)
* Add missing shebang in unscheduled scripts from lsf adapter (#411)
* Update poetry lockfile to address dependabot flagged security issues (#412)
* Fix for Dockerfile smell DL3006 (#418)
* Port Maestro documentation to mkdocs and expand coverage of features and tutorials (#403)
* Update version info to be driven from pyproject.toml exclusively, and hook up to command line (#419)
* Pin mermaid to < 10.x due to api change (#422)
* Bump lock file certifi from 2022.12.7 to 2023.7.22 to address security issue (#426)
* Refactor flux adapter to avoid using pickle to talk to flux brokers installed in external environments (#415)
   Also adds flux integration tests to exercise against real flux brokers
* Add pager functionality to status command (#420)
* Patch broken flux job cancellation (#428)
* Insulate slurm adapters from user customization of squeue and sacct output formats (#431)
   Also adds live unit and integration tests for slurm adapter

---------

Co-authored-by: Francesco Di Natale <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno P. Kinoshita <[email protected]>
Co-authored-by: Charles Doutriaux <[email protected]>
Co-authored-by: Giovanni Rosa <[email protected]>
Co-authored-by: Brian Gunnarson <[email protected]>
jwhite242 added a commit that referenced this pull request Feb 6, 2024
1.1.10 Release (#432)