
Workaround to override zope sub-dependency #1660

Merged (1 commit), Aug 18, 2023

Conversation

edwintorres (Member)

Description

As mentioned in #1658 (comment), a sub-dependency is raising a flag on Snyk review.

For the record, forcing a pass for the Snyk check since the vulnerability is in setuptools, which is already at the latest version -- indeed, the explicit fix is to "Pin setuptools to version 65.5.1"; iow, zope.event here is a false positive.

Introduced through [email protected]
Fixed in [email protected]

Tock uses pipenv, which does not provide a way to override that sub-dependency. But the maintainer offered a workaround.

This PR uses that workaround. A long-term fix to this issue could be the use of pyproject.toml, a new unified Python project settings file. But that option requires more exploratory work.
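Whatever the pipenv workaround ends up being, the thing worth verifying afterwards is that the lock file actually resolved the sub-dependency to the version you intended. The script below is an added example and is not code from this pull request or from the Tock project; it assumes a Pipfile.lock in pipenv's JSON layout (a "default" section whose entries carry a "version" key such as "==65.5.1"), and the lock content embedded in it is constructed for the demo. The 65.5.1 floor for setuptools is the one named in the description; the zope.event version is a made-up sample value.

```python
"""Check that a transitive (sub-)dependency resolved to the version we want.

Added example, not part of the Tock pull request. It assumes a Pipfile.lock in
pipenv's JSON layout ("default"/"develop" sections, entries with a "version"
key like "==65.5.1"). The sample lock below is constructed for this demo.
"""
import json

# Constructed sample lock: setuptools pinned at 65.5.1, zope.event at a
# made-up 5.0. Real hashes are omitted on purpose.
SAMPLE_LOCK = json.dumps({
    "_meta": {"hash": {"sha256": "constructed-placeholder"}},
    "default": {
        "setuptools": {"version": "==65.5.1", "hashes": []},
        "zope.event": {"version": "==5.0", "hashes": []},
    },
    "develop": {},
})


def parse_version(text):
    """Turn '==65.5.1' (or '65.5.1', '1.0rc1') into a tuple of ints.

    Non-numeric suffixes such as 'rc1' are dropped; this is enough for
    comparing plain release versions and keeps the example dependency-free.
    """
    cleaned = text.lstrip("=")
    parts = []
    for piece in cleaned.split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def locked_version(lock_text, package):
    """Return the version string pipenv locked for `package`, or None."""
    lock = json.loads(lock_text)
    for section in ("default", "develop"):
        entry = lock.get(section, {}).get(package)
        if entry and "version" in entry:
            return entry["version"].lstrip("=")
    return None


def meets_minimum(lock_text, package, minimum):
    """True when `package` is present in the lock at a version >= `minimum`."""
    found = locked_version(lock_text, package)
    if found is None:
        return False
    locked, floor = parse_version(found), parse_version(minimum)
    # Pad so that 65.5 compares equal to 65.5.0 rather than shorter-is-smaller.
    width = max(len(locked), len(floor))
    locked += (0,) * (width - len(locked))
    floor += (0,) * (width - len(floor))
    return locked >= floor


if __name__ == "__main__":
    # Run against the constructed lock; swap SAMPLE_LOCK for the contents of
    # your real Pipfile.lock to use this as a CI check.
    for pkg, floor in (("setuptools", "65.5.1"), ("zope.event", "4.6")):
        ok = meets_minimum(SAMPLE_LOCK, pkg, floor)
        print(f"{pkg}: locked {locked_version(SAMPLE_LOCK, pkg)} "
              f"(need >= {floor}) -> {'ok' if ok else 'TOO OLD / MISSING'}")
```

Reading the locked version rather than the Pipfile itself is deliberate: the Pipfile only records what you asked for, while Pipfile.lock records what the resolver actually chose, which is what gets installed and what a scanner like Snyk reports on.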

@codecov-commenter

Codecov Report

Merging #1660 (6e8e811) into main (254be87) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1660   +/-   ##
=======================================
  Coverage   94.17%   94.17%           
=======================================
  Files          66       66           
  Lines        4158     4158           
=======================================
  Hits         3916     3916           
  Misses        242      242           



@cantsin cantsin left a comment


amazing work @edwintorres !!

@cantsin cantsin merged commit ec76c42 into main Aug 18, 2023
@cantsin cantsin deleted the et-fixZopeSubdependency branch August 18, 2023 18:08