
Security/640 resolve vulnerability with pip #641

Merged
ArBridgeman merged 4 commits into master from security/640_resolve_vulnerability_with_pip on Oct 30, 2025

@ArBridgeman (Collaborator) commented Oct 30, 2025

closes #640

Checklist

Note: If any of the items in the checklist are not relevant to your PR, leave the box unchecked.

For any Pull Request

Is the following correct:

  • the title of the Pull Request?
  • the title of the corresponding issue?
  • there are no other open Pull Requests for the same update/change?
  • that the issue which this Pull Request fixes ("Fixes...") is mentioned?

When Changes Were Made

Did you:

  • update the changelog?
  • update the implementation?
  • check coverage and add tests: unit tests and, if relevant, integration tests?
  • update the User Guide & other documentation?
  • resolve any failing CI criteria (incl. Sonar quality gate)?

When Preparing a Release

Have you:

  • thought about version number (major, minor, patch)?
  • checked Exasol packages for updates and resolved open vulnerabilities, if easily possible?

Comment thread noxconfig.py
def pre_integration_tests_hook(self, session, config, context):
port = context.get("port", 8563)
db_version = context.get("db_version", "7.1.17")
db_version = context.get("db_version", "2025.1.0")
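
Review bot: the new default in context.get("db_version", "2025.1.0") replaces 7.1.17 outright, so an integration run that does not pass db_version no longer exercises the 7.1 line at all. If 7.1.x is still a supported target, keep it covered through an explicit db_version in the test matrix. Either way the default bump deserves its own changelog line, since it is separate from the pip fix named in the PR title.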

@ArBridgeman ArBridgeman Oct 30, 2025

As the tests currently succeed with 2025.1.0, we update to this latest version for the default database version when executing the integration tests.

In the future, we can hopefully get this from the PROJECT_CONFIG via the inherited BaseConfig.

@ArBridgeman ArBridgeman force-pushed the security/640_resolve_vulnerability_with_pip branch from b94dde1 to e13ecb9 Compare October 30, 2025 12:02
- This is a dev dependency, and we did not update the pyproject.toml.
We will see if sqlalchemy 2.x migration resolves the issue. If not,
then an issue can be created to look into this.
@ArBridgeman ArBridgeman force-pushed the security/640_resolve_vulnerability_with_pip branch from e13ecb9 to 33993b5 Compare October 30, 2025 12:26
steps:
- name: SCM Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
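
Review bot: uses: actions/checkout@v5 in the SCM Checkout step still references a mutable major tag, so the code that runs in this step can change without any diff appearing in this repository. Pin the action to the full commit SHA of the v5 release that was reviewed and keep the tag as a trailing comment. If the workflows are regenerated by tbx workflow update, the pin has to be applied where they are generated so that the next update does not revert it.
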
Collaborator Author

Workflow updates are triggered by poetry run -- tbx workflow update and are hand-checked that custom functionality was not lost.

@ArBridgeman ArBridgeman merged commit 2a64b97 into master Oct 30, 2025
178 of 187 checks passed
@ArBridgeman ArBridgeman deleted the security/640_resolve_vulnerability_with_pip branch October 30, 2025 13:30

Development

Successfully merging this pull request may close these issues.

Resolve vulnerability with pip
