Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(PPS-635): chore(security): update urllib3 and related deps #1132

Merged
merged 4 commits into from
Jan 17, 2024
Merged

(PPS-635): chore(security): update urllib3 and related deps #1132

merged 4 commits into from
Jan 17, 2024

Conversation

Avantol13
Copy link
Contributor

@Avantol13 Avantol13 commented Jan 3, 2024
edited by jira bot
Loading

Jira Tickets:

Relies on:

New Features

Breaking Changes

Bug Fixes

Improvements

  • dependency cleanup. storageclient code migrated from multiple libraries (causing circular dependency issues) to Fence, the only place where the code was used

Dependency updates

  • update urllib3

Deployment changes

k-burt-uch
k-burt-uch previously approved these changes Jan 3, 2024
View reviewed changes
Copy link
Contributor

@k-burt-uch k-burt-uch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked this branch out locally in a fresh venv, ran poetry install without issue. pytest ran without issue (just confirming things GH actions already told us hahaha)

Approved.

k-burt-uch
k-burt-uch previously approved these changes Jan 8, 2024
View reviewed changes
@k-burt-uch k-burt-uch self-requested a review January 8, 2024 17:17
@k-burt-uch k-burt-uch dismissed their stale review January 8, 2024 17:18

Missed a commit when re-reviewing

k-burt-uch
k-burt-uch requested changes Jan 11, 2024
View reviewed changes
Copy link
Contributor

@k-burt-uch k-burt-uch left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edit: See #1132 (comment)

I have some concerns about the storage client abstraction. Given this is a security issue wiht a limited timeframe, its not a show stopper.

However, TODOs should be associated with JIRA tickets, especially ones related to input sanitization.

fence/resources/storage/storageclient/cleversafe.py Show resolved Hide resolved
fence/resources/storage/storageclient/cleversafe.py Show resolved Hide resolved
fence/resources/storage/storageclient/cleversafe.py Show resolved Hide resolved
fence/resources/storage/storageclient/cleversafe.py Show resolved Hide resolved
fence/resources/storage/storageclient/cleversafe.py Show resolved Hide resolved
fence/resources/storage/storageclient/cleversafe.py Show resolved Hide resolved
fence/resources/storage/storageclient/cleversafe.py Show resolved Hide resolved
fence/resources/storage/storageclient/google.py Show resolved Hide resolved
fence/resources/storage/storageclient/google.py Show resolved Hide resolved
fence/resources/storage/storageclient/google.py Show resolved Hide resolved
@k-burt-uch
Copy link
Contributor

Resolving previous comments related to storageclient. This was copy and pasted from a separate repo. Making changes in this PR to address issues that have been around previously will muddy the waters in tracing issues from Fence to the previous repo.

@Avantol13
Copy link
Contributor Author

https://ctds-planx.atlassian.net/browse/PXP-11238

Ticket to do storageclient cleanup in the future on a separate PR

@Avantol13 Avantol13 merged commit b1bdd6a into master Jan 17, 2024
10 checks passed
@Avantol13 Avantol13 deleted the chore/sec branch January 17, 2024 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k-burt-uch k-burt-uch k-burt-uch approved these changes

Assignees
No one assigned
Labels
test-apis-centralizedAuth test-apis-dataUploadTest test-portal-dataUploadTest
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Avantol13 @k-burt-uch