Update dependencies #34

Closed

@ConsoleCatzirl ConsoleCatzirl commented Dec 8, 2022

A recent PR proposed by dependabot is failing to install dependencies
in TravisCI. Update dependencies using `pipenv update --dev` to resolve
the security alert, and update to python3.10 to avoid a conflict
between `setuptools` and `importlib-metadata`.

Also upgrade the OS to Bionic for an approximate kernel match with the
lambda runtime environment.

https://askubuntu.com/questions/517136/list-of-ubuntu-versions-with-corresponding-linux-kernel-version
https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html

@ConsoleCatzirl ConsoleCatzirl requested review from a team as code owners December 8, 2022 19:07
@ConsoleCatzirl ConsoleCatzirl force-pushed the dependabot branch 2 times, most recently from 8a62732 to 647eb13 Compare December 8, 2022 19:27

@zaro0508 zaro0508 left a comment

Can you please explain the process that you used to update the Pipfile.lock?

.travis.yml Outdated
@@ -9,6 +9,7 @@ env:
- LAMBDA_BUCKET="essentials-awss3lambdaartifactsbucket-x29ftznj6pqw"
- CFN_BUCKET="bootstrap-awss3cloudformationbucket-19qromfd235z9"
install:
- pip install -U 'importlib-metadata>=0.21'
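
Review bot: The added `pip install -U 'importlib-metadata>=0.21'` step under `install:` has only a lower bound, so with `-U` each CI run resolves to whatever release is newest at build time and is not covered by a lock file. Consider pinning an exact version or a bounded range, and add a YAML comment above the line naming the conflict it works around so the step can be removed once it is no longer needed.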

Contributor

why did you add this?

Member Author

pipenv is upgrading setuptools to a version that conflicts with the version of importlib-metadata installed in travis, and I think upgrading in travis is cleaner than adding importlib-metadata (and/or setuptools) to our Pipfile.

here's the bug we're running into: pypa/setuptools#3293

@zaro0508 zaro0508 Dec 8, 2022

why would updating importlib-metadata in the travis instance update the Pipfile.lock?

also why not try updating the travis distro or python version used in the distro?

Member Author

Sorry, I missed the question about updating Pipfile.lock, but as I said in the commit message, I ran `pipenv update --dev` to update that file. I was trying to avoid updating template.yaml and just create a minimal PR to unblock dependabot, but I suppose I might as well update the Python version too.
