LCORE-2315: Fix CVE in idna #1771

Merged
tisnik merged 1 commit into lightspeed-core:main from tisnik:lcore-2315-fix-cve-in-idna
May 20, 2026
@tisnik tisnik commented May 19, 2026

Description

LCORE-2315: Fix CVE in idna

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement
  • Benchmarks improvement

Tools used to create PR

  • Assisted-by: N/A
  • Generated by: N/A

Related Tickets & Documents

  • Related Issue #LCORE-2315

Summary by CodeRabbit

  • Chores
    • Updated internal dependency pinning and build system configurations for improved system stability.

coderabbitai Bot commented May 19, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8628736a-fd4d-4558-910b-5cb6763cd118

📥 Commits

Reviewing files that changed from the base of the PR and between 3fc3d4a and 1dedf81.

📒 Files selected for processing (4)
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements.hashes.wheel.txt
  • .tekton/lightspeed-stack-pull-request.yaml
  • .tekton/lightspeed-stack-push.yaml
💤 Files with no reviewable changes (1)
  • .konflux/requirements.hashes.wheel.txt
📜 Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (16)
  • GitHub Check: radon
  • GitHub Check: Pylinter
  • GitHub Check: unit_tests (3.13)
  • GitHub Check: integration_tests (3.12)
  • GitHub Check: spectral
  • GitHub Check: integration_tests (3.13)
  • GitHub Check: unit_tests (3.12)
  • GitHub Check: build-pr
  • GitHub Check: E2E Tests for Lightspeed Evaluation job
  • GitHub Check: E2E: server mode / ci / group 2
  • GitHub Check: E2E: library mode / ci / group 2
  • GitHub Check: E2E: server mode / ci / group 1
  • GitHub Check: E2E: library mode / ci / group 1
  • GitHub Check: E2E: server mode / ci / group 3
  • GitHub Check: E2E: library mode / ci / group 3
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
🔇 Additional comments (3)
.konflux/requirements.hashes.source.txt (1)

503-505: LGTM!

.tekton/lightspeed-stack-pull-request.yaml (1)

61-61: LGTM!

.tekton/lightspeed-stack-push.yaml (1)

53-53: LGTM!


Walkthrough

This PR upgrades the idna dependency from version 3.11 to 3.15 by updating the pinned versions and hashes in the source and wheel requirements files, and removing idna from the Tekton pipeline prefetch configurations for both pull-request and push pipelines.

Changes

idna Dependency Upgrade

Layer / File(s) | Summary
Dependency hash file updates (.konflux/requirements.hashes.source.txt, .konflux/requirements.hashes.wheel.txt) | Source requirements adds idna==3.15 with corresponding SHA256 hash values; wheel requirements removes idna==3.11 with its hash values.
Tekton pipeline configuration updates (.tekton/lightspeed-stack-pull-request.yaml, .tekton/lightspeed-stack-push.yaml) | Both pipeline configurations remove idna from the prefetch-input binary.packages lists in their dependency prefetching configurations.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title clearly and specifically identifies the main change: fixing a CVE vulnerability in the idna dependency, which aligns with all four modified files (requirements and pipeline configuration updates).
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.


@tisnik tisnik merged commit 9b2e821 into lightspeed-core:main May 20, 2026
31 checks passed
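
A check for the failure mode this kind of change can leave behind (the old idna pin surviving in one of the two hash files), written as an added example that is not part of the PR or the project's code. It assumes pip's hash-pinned `name==version \ --hash=sha256:...` layout, plain numeric versions, and takes 3.15, the version this PR pins, as the floor; the sample file contents, digests and `example*` package names are constructed.

```python
import re

# Lines that are not plain `name==N.N` pins (markers, URLs, options) are ignored.
PIN = re.compile(r"^([A-Za-z0-9._-]+)==(\d+(?:\.\d+)*)((?:\s+--hash=\S+)*)$")
SHA256 = re.compile(r"^sha256:[0-9a-f]{64}$")

def parse_pins(text):
    """Return {name: (version, [hashes])} for a pip hash-pinned file."""
    pins = {}
    for line in re.sub(r"\\\n", " ", text).splitlines():  # fold continuations
        m = PIN.match(line.split(" #")[0].strip())
        if m:
            pins[m.group(1).lower()] = (m.group(2), re.findall(r"--hash=(\S+)", m.group(3)))
    return pins

def version_key(version):
    return tuple(int(part) for part in version.split("."))

def audit(package, floor, files):
    """List problems with how `package` is pinned across the given files."""
    hits = {}
    for path, text in files.items():
        pins = parse_pins(text)
        if package in pins:
            hits[path] = pins[package]
    findings = []
    if not hits:
        findings.append(f"{package}: not pinned in any file")
    if len(hits) > 1:
        findings.append(f"{package}: pinned in more than one file")
    for path, (version, hashes) in sorted(hits.items()):
        if version_key(version) < version_key(floor):
            findings.append(f"{path}: {package}=={version} is below {floor}")
        if not hashes or not all(SHA256.match(h) for h in hashes):
            findings.append(f"{path}: {package} has no valid sha256 hash")
    return findings

# Constructed sample contents; digests and the example* packages are placeholders.
H = "sha256:" + "a" * 64
SRC, WHL = ".konflux/requirements.hashes.source.txt", ".konflux/requirements.hashes.wheel.txt"
SOURCE = f"examplepkg==1.0.0 \\\n    --hash={H}\nidna==3.15 \\\n    --hash={H} \\\n    --hash={H}\n"
WHEEL = f"examplewheel==2.0.0 \\\n    --hash={H}\n"
STALE_WHEEL = WHEEL + f"idna==3.11 \\\n    --hash={H}\n"

if __name__ == "__main__":
    print(audit("idna", "3.15", {SRC: SOURCE, WHL: WHEEL}))        # clean
    print(audit("idna", "3.15", {SRC: SOURCE, WHL: STALE_WHEEL}))  # stale pin
```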