Skip to content

Maintenance: Fix transitive dependency resolution #5857

New issue
New issue
Closed
#5859
#5858
Closed
Maintenance: Fix transitive dependency resolution#5857
#5859
#5858
Labels
internalMaintenance changestriagePending triage from maintainers
@leandrodamascena

Description

@leandrodamascena
leandrodamascena
opened on Jan 13, 2025
Contributor

Why is this needed?

Some dependencies like boto3 depend on urllib and dependency resolution fails sometimes.

Some other dependencies like aws-requests-auth are bringing in requests as an optional dependency, but they are not pinning the minimum version of requests and are installing requests==0.14.0 which has a potential CVE. Even this does not affect customers, because it is a development dependency, it is important to fix.

Which area does this relate to?

Automation

Solution

No response

Acknowledgment

  • This request meets Powertools for AWS Lambda (Python) Tenets
    Should this be considered in other Powertools for AWS Lambda languages? i.e. Java, TypeScript, and .NET

Activity

leandrodamascena
added
internalMaintenance changes
triagePending triage from maintainers
on Jan 13, 2025
github-project-automation
added this to Powertools for AWS Lambda (Python)on Jan 13, 2025
github-project-automation
moved this to Triage in Powertools for AWS Lambda (Python)on Jan 13, 2025
leandrodamascena
mentioned this on Jan 13, 2025
leandrodamascena
linked a pull request that will close this issuechore(ci): fix dependency resolution #5858on Jan 13, 2025
leandrodamascena
closed this as completedin #5858on Jan 13, 2025
github-project-automation
moved this from Triage to Coming soon in Powertools for AWS Lambda (Python)on Jan 13, 2025
github-actions

github-actions commented on Jan 13, 2025

@github-actions
github-actionsbot
on Jan 13, 2025
Contributor

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

github-actions
added
pending-releaseFix or implementation already in dev waiting to be released
on Jan 13, 2025
leandrodamascena
mentioned this on Jan 13, 2025
leandrodamascena
linked a pull request that will close this issuechore(ci): fix dependency resolution #5859on Jan 13, 2025
dreamorosi
mentioned this on Jan 20, 2025
leandrodamascena
removed
pending-releaseFix or implementation already in dev waiting to be released
on Jan 20, 2025
leandrodamascena
moved this from Coming soon to Shipped in Powertools for AWS Lambda (Python)on Jan 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    internalMaintenance changestriagePending triage from maintainers

    Type

    No type

    Projects

    Powertools for AWS Lambda (Python)

    Status

    Shipped

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @leandrodamascena

      Issue actions
        Maintenance: Fix transitive dependency resolution · Issue #5857 · aws-powertools/powertools-lambda-python