Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unpin urllib3 #4662

Closed
wants to merge 1 commit into from
Closed

Unpin urllib3 #4662

wants to merge 1 commit into from

Conversation

StevenMaude
Copy link
Contributor

v2.2.3 is the latest urllib3 and we've had Dependabot pull requests update this version.

Example: #4609

Therefore, this comment is no longer correct, and it implies the pinning is no longer required.

@StevenMaude
Unpin urllib3
5fcaba7 
v2.2.3 is the latest `urllib3` and we've had Dependabot pull requests
update this version.

Example: #4609

Therefore, this comment is no longer correct, and it implies the pinning
is no longer required.
@StevenMaude
Copy link
Contributor Author

StevenMaude commented Oct 10, 2024
edited
Loading

It seems Dependabot ignored/ignores the pinning in the input requirements:

c8cc49d

🤷‍♂️

It's possible it was a interactively created security update, maybe, but urllib3 v1 is or at least was still maintained until 2024-06 🤷‍♂️ so I don't know really what's happened here.

@StevenMaude StevenMaude enabled auto-merge October 10, 2024 16:36
@StevenMaude StevenMaude disabled auto-merge October 10, 2024 17:11
@StevenMaude
Copy link
Contributor Author

As pointed out by @lucyb on Slack, it could be that the urllib3 version relates to the cause of some OpenTelemetry errors. In that case, we should actually repin the version, and retain the comment (or some form of it).

@StevenMaude StevenMaude marked this pull request as draft October 10, 2024 17:27
@StevenMaude
Copy link
Contributor Author

I'm going to close this and open an issue for it instead, as it's unclear whether we should actually pin to an older version.

@StevenMaude StevenMaude deleted the steve/remove-urllib-pinning branch October 30, 2024 09:55
@StevenMaude StevenMaude mentioned this pull request Oct 30, 2024
Open
@StevenMaude
Copy link
Contributor Author

Closed in favour of a decision to be made in #4715.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@StevenMaude