Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade werkzeug and connexion from version 2 to 3 #592

Open
burnettk opened this issue Oct 26, 2023 · 0 comments
Open

upgrade werkzeug and connexion from version 2 to 3 #592

burnettk opened this issue Oct 26, 2023 · 0 comments

Comments

@burnettk
Copy link
Contributor

there is a snyk failure:

Upgrade [email protected] to [email protected] to fix
  ✗ Inefficient Algorithmic Complexity (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177] in [email protected]
    introduced by [email protected] and [18](https://github.com/sartography/spiff-arena/actions/runs/6655795109/job/18086859698?pr=590#step:4:19) other path(s)

because it wants a connexion upgrade, and we can't easily upgrade it because connexion it is using the old flask json API. connexion (which is also on major version 2 in backend) has a version 3 alpha release:

https://pypi.org/project/connexion/#history

but this version 3 alpha release, even if we wanted to upgrade, is also not a drop-in replacement for version 2. we have marked the snyk issue until we can resolve this github issue.

hoping to defer this for as long as possible to see if the connexion library version 3 release comes out of its alpha state, and then we can more confidently do the work required to get compatible with that new release.
@github-project-automation github-project-automation bot moved this to New Issue in SpiffWorkflow Oct 26, 2023
@calexh-sar calexh-sar moved this from New Issue to Backlog in SpiffWorkflow Nov 15, 2023
@calexh-sar calexh-sar added this to the Sartography Sprint Issues milestone Feb 22, 2024
@danfunk danfunk removed this from the Sartography Sprint Issues milestone Mar 12, 2024
@coderabbitai coderabbitai bot mentioned this issue Dec 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
SpiffWorkflow
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@burnettk @danfunk @calexh-sar