Skip to content

Dependencies update patch #223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 21, 2022
Merged

Dependencies update patch #223

merged 4 commits into from
Jul 21, 2022

Conversation

DifferentialOrange
Copy link
Member

@DifferentialOrange DifferentialOrange commented Jul 18, 2022
edited
Loading

ci: remove unused msgpack variable in EE test

Tests with Tarantool EE runs only with latest msgpack, so "msgpack-deps" variable and Actions steps for it are not used.

deps: bump msgpack requirement to 1.0.4

In this patch we bump msgpack requirement since version 1.0.4 has various vulnerability fixes (for example, [1]). Since the code is still compatible with msgpack-python and older msgpack, tests are not removed in this patch.

  1. fix compiler warnings msgpack/msgpack-python#153

deps: bump test PyYAML requirement to 6.0

In this patch we bump PyYAML requirement since version 6.0 has various vulnerability fixes (see [1-3]). Since PyYAML is used only in tests, the only reason of this patch is to remove Dependabot alerts. After migrating to GitHub Actions issue [4] is no longer relevant, so we are not restricted to using 5.2b1 version. There is no PyYAML 6.0 for Python 3.5 since it reached the end of its life on September 13th, 2020. So this patch removed Python 3.5 pipeline as well.

  1. https://github.com/tarantool/tarantool-python/security/dependabot/1
  2. https://github.com/tarantool/tarantool-python/security/dependabot/2
  3. https://github.com/tarantool/tarantool-python/security/dependabot/3
  4. 4f79627

ci: install Tarantool 2.10 with GitHub Actions

After update [1] and Tarantool 2.10 release it is possible to install it with setup-tarantool tools. This patch uses setup-tarantool to install release Tarantool 2.10 instead of pre-release one.

  1. tarantool/setup-tarantool@6c88e71

oleg-jukovec
oleg-jukovec approved these changes Jul 19, 2022
View reviewed changes
Copy link
Contributor

@oleg-jukovec oleg-jukovec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the patch! LGTM after resolving the conversations.

@DifferentialOrange DifferentialOrange force-pushed the DifferentialOrange/update-deps branch 2 times, most recently from 5ec2dde to 0d74706 Compare July 19, 2022 10:55
@DifferentialOrange
ci: remove unused msgpack variable in EE test
6845418 
Tests with Tarantool EE runs only with latest msgpack, so "msgpack-deps"
variable and Actions steps for it are not used.
@DifferentialOrange DifferentialOrange force-pushed the DifferentialOrange/update-deps branch from 0d74706 to 2ebb65e Compare July 19, 2022 11:04
@DifferentialOrange
deps: bump msgpack requirement to 1.0.4
39793c1 
In this patch we bump msgpack requirement since version 1.0.4 has
various vulnerability fixes (for example, [1]). Since the code is still
compatible with msgpack-python and older msgpack, tests are not removed
in this patch.

1. msgpack/msgpack-python#153
@DifferentialOrange
deps: bump test PyYAML requirement to 6.0
aa6dd4e 
In this patch we bump PyYAML requirement since version 6.0 has
various vulnerability fixes (see [1-3]). Since PyYAML is used only
in tests, the only reason of this patch is to remove Dependabot alerts.
After migrating to GitHub Actions issue [4] is no longer relevant,
so we are not restricted to using 5.2b1 version. There is no PyYAML 6.0
for Python 3.5 since it reached the end of its life on September 13th,
2020. So this patch removed Python 3.5 pipeline as well.

1. https://github.com/tarantool/tarantool-python/security/dependabot/1
2. https://github.com/tarantool/tarantool-python/security/dependabot/2
3. https://github.com/tarantool/tarantool-python/security/dependabot/3
4. 4f79627
@DifferentialOrange DifferentialOrange force-pushed the DifferentialOrange/update-deps branch 3 times, most recently from 56e978f to cbbd7e5 Compare July 19, 2022 14:50
@DifferentialOrange
ci: install Tarantool 2.10 with GitHub Actions
f2e2baa 
After update [1] and Tarantool 2.10 release it is possible to install it
with setup-tarantool tools. This patch uses setup-tarantool to install
release Tarantool 2.10 instead of pre-release one.

1. tarantool/setup-tarantool@6c88e71
@DifferentialOrange DifferentialOrange force-pushed the DifferentialOrange/update-deps branch from 00e2922 to f2e2baa Compare July 19, 2022 15:20
LeonidVas
LeonidVas approved these changes Jul 21, 2022
View reviewed changes
Copy link

@LeonidVas LeonidVas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@DifferentialOrange DifferentialOrange merged commit 1b8d44a into master Jul 21, 2022
@DifferentialOrange DifferentialOrange deleted the DifferentialOrange/update-deps branch July 21, 2022 14:35
DifferentialOrange added a commit that referenced this pull request Oct 28, 2022
@DifferentialOrange
setup: remove msgpack version dependency
897275e 
The only reason of this dependency is various vulnerability fixes. We
decided not to enforce the user on this.

Follows #223, part of #198
DifferentialOrange added a commit that referenced this pull request Oct 31, 2022
@DifferentialOrange
setup: remove msgpack version dependency
bd418b0 
The only reason of this dependency is various vulnerability fixes. We
decided not to enforce the user on this.

Follows #223, part of #198
DifferentialOrange added a commit that referenced this pull request Oct 31, 2022
@DifferentialOrange
setup: remove msgpack version dependency
ce14655 
The only reason of this dependency is various vulnerability fixes. We
decided not to enforce the user on this.

Follows #223, part of #198
DifferentialOrange added a commit that referenced this pull request Nov 9, 2022
@DifferentialOrange
setup: remove msgpack version dependency
7569ce0 
The only reason of this dependency is various vulnerability fixes. We
decided not to enforce the user on this.

Follows #223, part of #198
DifferentialOrange added a commit that referenced this pull request Nov 9, 2022
@DifferentialOrange
setup: remove msgpack version dependency
ff297ec 
The only reason of this dependency is various vulnerability fixes. We
decided not to enforce the user on this.

Follows #223, part of #198
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Totktonada Totktonada Totktonada left review comments

@oleg-jukovec oleg-jukovec oleg-jukovec approved these changes

@LeonidVas LeonidVas LeonidVas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DifferentialOrange @Totktonada @oleg-jukovec @LeonidVas