chore: Upgrade all Python dependencies to latest versions#184
Conversation
Exception: pyarrow==21.0.0 due to bug with s3 uploads
|
Important Review skippedAuto incremental reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the 📝 WalkthroughWalkthroughThe pull request adds Changes
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 3❌ Failed checks (3 warnings)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
elt-common/pyproject.toml (1)
29-39: Critical: Dev dependencies do not meet security requirements from issue #178.The PR claims to fix issue #178, but the dev dependencies listed do not satisfy the security requirements specified in that issue:
- Line 36:
requests~=2.32.3— Issue #178 requires>= 2.32.4(target 2.32.5) to address CVE-2024-47081.- Line 38:
ruff~=0.11.11— Issue #178 requires>= 0.14.10to address an improper neutralisation vulnerability.- Line 33:
pytest~=8.3.5— Issue #178 recommends upgrading to 9.0.2.These security vulnerabilities remain unaddressed despite the PR claiming to resolve them.
🔒 Proposed fix to address security vulnerabilities
dev = [ "minio~=7.2.16", "prek>=0.1.6", "pydantic-settings~=2.10.1", - "pytest~=8.3.5", + "pytest~=9.0.2", "pytest-httpx~=0.35.0", "pytest-mock~=3.14.1", - "requests~=2.32.3", + "requests~=2.32.5", "requests-mock~=1.12.1", - "ruff~=0.11.11", + "ruff~=0.14.10", ]
🤖 Fix all issues with AI agents
In @elt-common/pyproject.toml:
- Around line 12-14: pyiceberg is still pinned to "pyiceberg~=0.9.1" in
pyproject.toml but should be upgraded to 0.10.0; update the dependency entry to
reference version 0.10.0 (e.g., "pyiceberg~=0.10.0"), regenerate the lock file
(poetry.lock or equivalent), and run the test suite and any packaging/CI checks
to ensure compatibility with the new pyiceberg release.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge base: Disabled due to data retention organization setting
⛔ Files ignored due to path filters (5)
elt-common/uv.lockis excluded by!**/*.lockwarehouses/accelerator/extract_load/accelerator_sharepoint/extract_and_load.py.lockis excluded by!**/*.lockwarehouses/accelerator/extract_load/electricity_sharepoint/extract_and_load.py.lockis excluded by!**/*.lockwarehouses/accelerator/extract_load/opralogweb/extract_and_load.py.lockis excluded by!**/*.lockwarehouses/accelerator/extract_load/statusdisplay/extract_and_load.py.lockis excluded by!**/*.lock
📒 Files selected for processing (1)
elt-common/pyproject.toml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: warehouses end-to-end tests
- GitHub Check: elt-common end-to-end tests
Rely on lock files for locking specific scripts/applications.
Use lock file to fix versions and reducing maintenance burden.
e3493a6 to
de1b3f9
Compare
Summary
Upgrades all deployed Python dependencies with the exception of pyarrow. Pyarrow pinned @ 21.0.0 due to bug with s3 uploads. See #183.
Fixes #178
Fixes #183
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.