Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Upgrade requests to improve mild security report #1453

Closed
amahussein opened this issue Dec 6, 2024 · 0 comments · Fixed by #1486
Closed

[BUG] Upgrade requests to improve mild security report #1453

amahussein opened this issue Dec 6, 2024 · 0 comments · Fixed by #1486
Labels
bug Something isn't working user_tools Scope the wrapper module running CSP, QualX, and reports (python)

Comments

@amahussein
Copy link
Collaborator

Describe the bug

There are 2 alerts in the gitub dependapot.
Probably we are tight to those because of the support of Python 3.8.

https://github.com/NVIDIA/spark-rapids-tools/security/dependabot/15

Remediation

Any of these options can be used to remediate the current issue, we highly recommend upgrading as the preferred mitigation.

    Upgrade to requests>=2.32.0.
    For requests<2.32.0, avoid setting verify=False for the first request to a host while using a Requests Session.
    For requests<2.32.0, call close() on Session objects to clear existing connections if verify=False is used.
@amahussein amahussein added ? - Needs Triage bug Something isn't working user_tools Scope the wrapper module running CSP, QualX, and reports (python) labels Dec 6, 2024
amahussein added a commit to amahussein/spark-rapids-tools that referenced this issue Jan 3, 2025
@amahussein
Support Python 3.9-3.12
9dd8f6b 
Fixes NVIDIA#1153
Fixes NVIDIA#1453

* bump pylint to 3.3.0
* remove idna and bump fire and packaging
* add 3.12 to githubworkflows and remove 3.8
* remove upper bound for numpy
* remove unused beautifulsoup
* Update the README file to reflect the minimum python 3.9

Signed-off-by: Ahmed Hussein (amahussein) <[email protected]>
@amahussein amahussein mentioned this issue Jan 3, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working user_tools Scope the wrapper module running CSP, QualX, and reports (python)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support Python 3.9-3.12 amahussein/spark-rapids-tools
2 participants
@mattahrens @amahussein