Upgrade dependencies 2023-11-27 (#5723)

[dsotirho-ucsc]

Connected issues: #5723

Checklist

Author

• PR is a draft
• Target branch is develop
• Name of PR branch matches issues/<GitHub handle of author>/<issue#>-<slug>
• PR title references all connected issues
• PR title matches¹ that of a connected issue _{or comment in PR explains why they're different}
• For each connected issue, there is at least one commit whose title references that issue
• PR is connected to all connected issues via ZenHub
• PR description links to connected issues
• Added p tag to titles of partial commits
• Added partial label to PR _{or this PR completely resolves all connected issues}
• All connected issues are resolved partially _{or this PR does not have the partial label}

¹ when the issue title describes a problem, the corresponding PR
title is Fix: followed by the issue title

Author (reindex, API changes)

• Added r tag to commit title _{or this PR does not require reindexing}
• Added reindex label to PR _{or this PR does not require reindexing}
• PR and connected issue are labeled API _{or this PR does not modify a REST API}
• Added a (A) tag to commit title for backwards (in)compatible changes _{or this PR does not modify a REST API}
• Updated REST API version number in app.py _{or this PR does not modify a REST API}

Author (chains)

• This PR is blocked by previous PR in the chain _{or this PR is not chained to another PR}
• Added base label to the blocking PR _{or this PR is not chained to another PR}
• Added chained label to this PR _{or this PR is not chained to another PR}

Author (upgrading)

• Documented upgrading of deployments in UPGRADING.rst _{or this PR does not require upgrading}
• Added u tag to commit title _{or this PR does not require upgrading}
• Added upgrade label to PR _{or this PR does not require upgrading}

Author (operator tasks)

• Added checklist items for additional operator tasks _{or this PR does not require additional tasks}

Author (hotfixes)

• Added F tag to main commit title _{or this PR does not include permanent fix for a temporary hotfix}
• Reverted the temporary hotfixes for any connected issues _{or the prod branch has no temporary hotfixes for any connected issues}

Author (before every review)

• Rebased PR branch on develop, squashed old fixups
• Ran make requirements_update _{or this PR does not touch requirements*.txt, common.mk, Makefile and Dockerfile}
• Added R tag to commit title _{or this PR does not touch requirements*.txt}
• Added reqs label to PR _{or this PR does not touch requirements*.txt}
• make integration_test passes in personal deployment _{or this PR does not touch functionality that could break the IT}

Peer reviewer (after requesting changes)

Uncheck the Author (before every review) checklists.

Peer reviewer (after approval)

• PR is not a draft
• Ticket is in Review requested column
• Requested review from primary reviewer
• Assigned PR to primary reviewer

Primary reviewer (after requesting changes)

Uncheck the before every review checklists. Update the N reviews label.

Primary reviewer (after approval)

• Actually approved the PR
• Labeled connected issues as demo or no demo
• Commented on connected issues about demo expectations _{or all connected issues are labeled no demo}
• Decided if PR can be labeled no sandbox
• PR title is appropriate as title of merge commit
• N reviews label is accurate
• Moved ticket to Approved column
• Assigned PR to current operator

Operator (before pushing merge the commit)

• Checked reindex label and r commit title tag
• Checked that demo expectations are clear _{or all connected issues are labeled no demo}
• PR has checklist items for upgrading instructions _{or PR is not labeled upgrade}
• Squashed PR branch and rebased onto develop
• Sanity-checked history
• Pushed PR branch to GitHub
• Deployed dev.shared
• Pushed PR branch to GitLab dev and added sandbox label _{or PR is labeled no sandbox}
• Deployed anvildev.shared
• Pushed PR branch to GitLab anvildev _{or PR is labeled no sandbox}
• Deployed anvilprod.shared
• Pushed PR branch to GitLab anvilprod _{or PR is labeled no sandbox}
• Build passes in sandbox deployment _{or PR is labeled no sandbox}
• Build passes in anvilbox deployment _{or PR is labeled no sandbox}
• Build passes in hammerbox deployment _{or PR is labeled no sandbox}
• Reviewed build logs for anomalies in sandbox deployment _{or PR is labeled no sandbox}
• Reviewed build logs for anomalies in anvilbox deployment _{or PR is labeled no sandbox}
• Reviewed build logs for anomalies in hammerbox deployment _{or PR is labeled no sandbox}
• Deleted unreferenced indices in sandbox _{or this PR does not remove catalogs or otherwise causes unreferenced indices}
• Deleted unreferenced indices in anvilbox _{or this PR does not remove catalogs or otherwise causes unreferenced indices}
• Deleted unreferenced indices in hammerbox _{or this PR does not remove catalogs or otherwise causes unreferenced indices}
• Started reindex in sandbox _{or this PR does not require reindexing sandbox}
• Started reindex in anvilbox _{or this PR does not require reindexing sandbox}
• Started reindex in hammerbox _{or this PR does not require reindexing sandbox}
• Checked for failures in sandbox _{or this PR does not require reindexing sandbox}
• Checked for failures in anvilbox _{or this PR does not require reindexing sandbox}
• Checked for failures in hammerbox _{or this PR does not require reindexing sandbox}
• Title of merge commit starts with title from this PR
• Added PR reference to merge commit title
• Collected commit title tags in merge commit title _{but only include p if the PR is labeled partial}
• Moved connected issues to Merged column in ZenHub
• Pushed merge commit to GitHub

Operator (chain shortening)

• Changed the target branch of the blocked PR to develop _{or this PR is not labeled base}
• Removed the chained label from the blocked PR _{or this PR is not labeled base}
• Removed the blocking relationship from the blocked PR _{or this PR is not labeled base}
• Removed the base label from this PR _{or this PR is not labeled base}

Operator (after pushing the merge commit)

• Deployed dev.gitlab
• Ran make -C terraform/gitlab/runner (to dev.gitlab)
• Pushed merge commit to GitLab dev _{or PR is labeled no sandbox}
• Deployed anvildev.gitlab
• Ran make -C terraform/gitlab/runner (to anvildev.gitlab)
• Pushed merge commit to GitLab anvildev _{or PR is labeled no sandbox}
• Deployed anvilprod.gitlab
• Ran make -C terraform/gitlab/runner (to anvilprod.gitlab)
• Pushed merge commit to GitLab anvilprod _{or PR is labeled no sandbox}
• Build passes on GitLab dev¹
• Reviewed build logs for anomalies on GitLab dev¹
• Build passes on GitLab anvildev¹
• Reviewed build logs for anomalies on GitLab anvildev¹
• Build passes on GitLab anvilprod¹
• Reviewed build logs for anomalies on GitLab anvilprod¹
• Deleted PR branch from GitHub
• Deleted PR branch from GitLab dev
• Deleted PR branch from GitLab anvildev
• Deleted PR branch from GitLab anvilprod

¹ When pushing the merge commit is skipped due to the PR being
labelled no sandbox, the next build triggered by a PR whose merge commit is
pushed determines this checklist item.

Operator (reindex)

• Deleted unreferenced indices in dev _{or this PR does not remove catalogs or otherwise causes unreferenced indices}
• Deleted unreferenced indices in anvildev _{or this PR does not remove catalogs or otherwise causes unreferenced indices}
• Deleted unreferenced indices in anvilprod _{or this PR does not remove catalogs or otherwise causes unreferenced indices}
• Started reindex in dev _{or this PR does not require reindexing}
• Started reindex in anvildev _{or this PR does not require reindexing}
• Started reindex in anvilprod _{or this PR does not require reindexing}
• Checked for and triaged indexing failures in dev _{or this PR does not require reindexing}
• Checked for and triaged indexing failures in anvildev _{or this PR does not require reindexing}
• Checked for and triaged indexing failures in anvilprod _{or this PR does not require reindexing}
• Emptied fail queues in dev deployment _{or this PR does not require reindexing}
• Emptied fail queues in anvildev deployment _{or this PR does not require reindexing}
• Emptied fail queues in anvilprod deployment _{or this PR does not require reindexing}

Primary Reviewer

• Review exported Inspector findings (Upgrade dependencies 2023-11-27 #5723 (comment))

Operator

• Added CL items to prod promotion PR:

• Deployed prod.shared
• Deployed prod.gitlab
• Ran make -C terraform/gitlab/runner (to prod.gitlab)

• Unassigned PR

Shorthand for review comments

• L line is too long
• W line wrapping is wrong
• Q bad quotes
• F other formatting problem

[coveralls]

coverage: 83.071% (+0.005%) from 83.066%
when pulling 1520f6f on issues/dsotirho-ucsc/5723-upgrade-dependencies
into 0bd9865 on develop.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (0bd9865) 83.04% compared to head (1520f6f) 83.05%.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #5735   +/-   ##
========================================
  Coverage    83.04%   83.05%           
========================================
  Files          153      153           
  Lines        19410    19416    +6     
========================================
+ Hits         16119    16125    +6     
  Misses        3291     3291           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dsotirho-ucsc]

PR was deployed to personal deployment & passed tests including IT.
PR was deployed to GitLab dev (for the GitLab update) and pushed to sandbox. Pipeline 28706 successfully.

[achave11-ucsc]

Changes look good, nicely done. A few nits.
Also consider doing another pass over your Inspector script, it might benefit from having more type hints and other misc formatting changes.

[achave11-ucsc]

U… might be a typo here.

[achave11-ucsc]

Consider adhering to a single format, whether it be f-strings or concatenation, I think it might improve consistency.

[achave11-ucsc]

Also consider a space character after the comma in the join command, to improve readability.

[achave11-ucsc]

The comment might be redundant, I think it's protocol (has been enforced during review process) to use the most recent client or resource API version available.

[achave11-ucsc]

Reference the fourth bulleted item in https://github.com/DataBiosphere/azul/blob/develop/CONTRIBUTING.rst#logging.

[achave11-ucsc]

Same here.

[achave11-ucsc]

Also here.

[achave11-ucsc]

This looks to me like what the first bulleted item in https://github.com/DataBiosphere/azul/blob/develop/CONTRIBUTING.rst#control-flow describes.

[achave11-ucsc]

Would len(findings) not achieve the same here?
The counter might be unnecessary.

[dsotirho-ucsc]

finding_count is the total number of findings (that matched the specified severity), while len(findings) gives the number of unique vulnerabilities (e.g. CVE-1234), which can have one or more finding associated with it. Not entirely necessary as log output however, I'll clean this up.

[achave11-ucsc]

The definition of this method seems a bit complicated. Consider doing another pass over this method to see if it might do with a bit of de-duplication or simplification.

[achave11-ucsc]

Additionally, a bit of preprocessing might help cleanup and address what looks like a bail-out.

[dsotirho-ucsc]

Note: I amended the Update GitLab… commit (instead of adding a fixup) to change the new version to 6.16.1 (instead of 6.16.0).

PR was redeployed to dev.gitlab to test GitLab 6.16.1, and the PR passed on sandbox (Pipeline 28731)

[achave11-ucsc]

🦭✅

[hannes-ucsc]

When I rebased, some of the commits were squashed out. I also ran make requirements_update again.