pin the version of the websockets dependency to 12 or 13 #487
Conversation
Walkthrough
The changes involve an update to the
Changes
Sequence Diagram(s)
sequenceDiagram
    participant User
    participant Installer
    participant PackageRepo
    User->>Installer: Install package
    Installer->>PackageRepo: Fetch websockets>=12.0,<14.0
    PackageRepo-->>Installer: Return compatible version
    Installer-->>User: Package installed
📜 Recent review details
Configuration used: CodeRabbit UI
📒 Files selected for processing (1)
🔇 Additional comments (2)
setup.py (2)
The change to
Let's ensure we're not pinning to versions with known vulnerabilities.
✅ Verification successful
No security vulnerabilities found in websockets v12.x and v13.x
Based on the results:
The version constraint "websockets>=12.0,<14.0" is safe as it's well above the versions affected by known vulnerabilities.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
```bash
#!/bin/bash
# Description: Check for security advisories for websockets package versions 12.x and 13.x

# Check PyPI for latest versions in the allowed range
echo "Latest versions on PyPI:"
curl -s https://pypi.org/pypi/websockets/json | \
  jq -r '.releases | keys[]' | \
  grep -E '^1[23]\.' | sort -V

# Check for security advisories
echo -e "\nSecurity advisories:"
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: PIP, package: "websockets") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'
```
Length of output: 1042
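An added example (not part of the PR or of CodeRabbit's output) of the step the bot's script leaves to the reader: given the PyPI release list and the advisory nodes the GraphQL query returns, report which releases allowed by a pin such as websockets>=12.0,<14.0 still fall inside any vulnerableVersionRange. The sample data and the simplified numeric version parsing are constructed assumptions.

```python
import json
import re
# Constructed sample data shaped like the two sources the review script queries:
# the PyPI releases list and the GitHub advisory GraphQL response (assumption).
PYPI_RELEASES = ["10.4", "11.0", "12.0", "12.1", "13.0", "13.1"]
ADVISORY_RESPONSE = json.loads("""
{"data": {"securityVulnerabilities": {"nodes": [
  {"advisory": {"summary": "constructed example advisory", "severity": "HIGH"},
   "vulnerableVersionRange": "< 10.4",
   "firstPatchedVersion": {"identifier": "10.4"}}
]}}}
""")

def parse_version(text):
    # Simplified PEP 440 (assumption): numeric dotted release segments only,
    # zero-padded to three parts so "12.0" and "12.0.0" compare equal.
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def parse_range(spec):
    # Accepts both pip-style ">=12.0,<14.0" and advisory-style ">= 12.0, < 14.0".
    clauses = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*([0-9][0-9.]*)\s*", part)
        if not m:
            raise ValueError(f"unsupported clause: {part!r}")
        clauses.append((m.group(1), parse_version(m.group(2))))
    return clauses

_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
        ">=": lambda a, b: a >= b, "==": lambda a, b: a == b}

def satisfies(version, spec):
    # True when every clause of the range holds for the version.
    v = parse_version(version)
    return all(_OPS[op](v, bound) for op, bound in parse_range(spec))

def vulnerable_in_range(pin, releases, advisories):
    # Map each release the pin allows to the advisories that still cover it;
    # an empty result means the pin excludes every known-vulnerable release.
    hits = {}
    nodes = advisories["data"]["securityVulnerabilities"]["nodes"]
    for release in releases:
        if not satisfies(release, pin):
            continue
        for node in nodes:
            if satisfies(release, node["vulnerableVersionRange"]):
                hits.setdefault(release, []).append(node["advisory"]["summary"])
    return hits
```

Feed it the real `releases` keys and `nodes` from the two commands in the script above; a non-empty result is the case where the pin range needs tightening.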
Proposed changes
Users who install or upgrade this SDK are affected by #483. This PR pins the websocket dependency to v12 or v13, both of which are compatible with the current codebase.
Types of changes
What types of changes does your code introduce to the community Python SDK?
Put an x in the boxes that apply.
Checklist
Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.
Further comments
Summary by CodeRabbit
websockets package to ensure compatibility and stability.