-
Notifications
You must be signed in to change notification settings - Fork 323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker Build Failing Since Friday #2894
Comments
Specifically:
|
Unclear which version of Python to use for this project. I see many references to Python 3 in the documentation, but I am getting a gyp build error for Python 3 when I try to automatically resolve the audit report:
|
Many of these changes cannot be done automatically. Unfortunately, when |
Difficult to determine exactly what the full dependency tree is, since we are not tracking the lock file. Addressing that in #2899 |
The karma-related CVE's are easy enough to patch: |
Unfortunately, gulp 4.x breaks our tests.
Requested a backport patch to gulp 3.x series. Meanwhile, some work is required to migrate to Gulp v4. |
Patched gulp-imagemin |
Patched gulp-less |
While the npm fixes are nice, it doesn't have anything to do with this issue. This issue is caused by If you don't upgrade pip and leave it at 19, it builds fine. |
You are right. Pip 20.0.1 works fine as well. |
#2908 should fix this issue. However, looking at the Git logs, it appears the change happened in 19.3 instead of 20.0.2. Is anyone able to verify? |
Verified the change happened in Pip 19.3. Fixed as per #2908. https://github.com/pypa/pip/blob/19.3/src/pip/_internal/network/session.py#L219 |
Steps to Reproduce
Expected Result
Actual Results
`
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
added 1262 packages from 1077 contributors and audited 19954 packages in 103.251s
found 72 vulnerabilities (29 low, 16 moderate, 27 high)
run
npm audit fix
to fix them, ornpm audit
for detailsObtaining file:///opt/lemur
ERROR: Command errored out with exit status 1:
command: /usr/bin/python3.6 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/opt/lemur/setup.py'"'"'; file='"'"'/opt/lemur/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' egg_info
cwd: /opt/lemur/
Complete output (5 lines):
Traceback (most recent call last):
File "", line 1, in
File "/opt/lemur/setup.py", line 27, in
from pip._internal.download import PipSession
ModuleNotFoundError: No module named 'pip._internal.download'
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
The command '/bin/sh -c npm install --unsafe-perm && pip3 install -e . && node_modules/.bin/gulp build && node_modules/.bin/gulp package --urlContextPath=$(urlContextPath) && apk del build-dependencies' returned a non-zero code: 1
`
The text was updated successfully, but these errors were encountered: