Upgrade Pymongo throughout to resolve security notifications in dependabot #188

Merged
merged 7 commits into from
Aug 19, 2024


stevenmccullaghmadetech
Contributor

What

Please include a summary of the changes and the related issue

Why

Please include details of the reasoning for these changes

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Internal change (non-breaking change with no effect on the functionality affecting end users)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • I have performed a self-review of my code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have updated the Changelog with details of my change in the UNRELEASED section if this change will affect end users

Alex-Nita previously approved these changes Aug 16, 2024
Collaborator

@adrianclay adrianclay left a comment

This PR doesn't seem to address the source of the outdated Pymongo, which is a very old version of motor within the common module.

I propose we instead upgrade that, instead of adding an additional dependency on pymongo everywhere.

@stevenmccullaghmadetech
Contributor Author

@adrianclay Both the setup.py and Pipfile within the common module request motor 3.5.1, which is the latest tag of the repo you linked to and the latest version here: https://pypi.org/project/motor/

@adrianclay
Collaborator

In that case I wouldn't bother with trying to fix the Dependabot alert. It appears to be only relevant when connecting to an untrusted Mongo server.

Alex-Nita previously approved these changes Aug 19, 2024
@stevenmccullaghmadetech stevenmccullaghmadetech merged commit d75ba28 into main Aug 19, 2024
1 check passed
@stevenmccullaghmadetech stevenmccullaghmadetech deleted the NIAD-2570_securityupdates2 branch August 19, 2024 10:47
3 participants