make websocket-client dependency more open #416

Merged

prometheanfire
Contributor

fixes: #413

The issue as reported in #262
was not reproduced in versions of websocketclient over 0.40.0, so just mask
0.40.0. This allows consumption of possible security fixes and allows the
client to be co-installable with more python libraries.

@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Dec 13, 2017
@k8s-ci-robot
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
  • If you have done the above and are still having issues with the CLA being reported as unsigned, please email the CNCF helpdesk: [email protected]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Dec 13, 2017
@prometheanfire
Contributor Author

I just finished signing it

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Dec 13, 2017
@dims
Collaborator

dims commented Dec 13, 2017

@prometheanfire did you see these bad versions here? :
7a6054c

@dims
Collaborator

dims commented Dec 13, 2017

Can you please update this PR with those versions too?

@prometheanfire
Contributor Author

@dims it looks like (based on @leeyal) that only 0.40.0 was currently 'bad'. Are there not tests for the issue that originally masked those versions?

@dims
Collaborator

dims commented Dec 13, 2017

@prometheanfire I don't see a test when the cap was made :(

@dims
Collaborator

dims commented Dec 13, 2017

cc @mbohlool

@prometheanfire
Contributor Author

In that case, if it's confirmed I'll mask them too.

@dims
Collaborator

dims commented Dec 13, 2017

@prometheanfire in the interest of caution (since the PR was filed by someone who had the problem), let's please mask them

fixes: kubernetes-client#413

The issue as reported in kubernetes-client#262
was not reproduced in versions of websocketclient over 0.43.0, so just mask
the known bad versions.  This allows consumption of possible security fixes and
allows the client to be co-installable with more python libraries.
@mbohlool
Contributor

I see tests are passing for "0.44" and we banned up to "0.42". Are we concerned about "0.43"? Did you test it with websocket 0.43?

@prometheanfire
Contributor Author

I was not able to reproduce the error at all, I was just masking what was reported elsewhere as known bad.

@prometheanfire
Contributor Author

Is there anything preventing this from being merged at this point?

@dims
Collaborator

dims commented Dec 21, 2017

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 21, 2017
@mbohlool mbohlool merged commit d3daaab into kubernetes-client:master Jan 4, 2018
@prometheanfire prometheanfire deleted the uncap-requirements branch January 4, 2018 00:58
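
The trade-off discussed in this thread, as an added example that is not part of the PR or the project's code: an upper cap hides every later release, including any that carry security fixes, while masking only the known-bad releases keeps later ones installable. The two specifier strings, the candidate version list and the helper names are constructed for illustration from the versions mentioned above; the matcher handles plain numeric versions only.

```python
import re

# Constructed specifiers (assumptions, not the project's requirements line).
CAPPED = "<0.40.0"                     # hypothetical cap below the first bad release
MASKED = "!=0.40.0,!=0.41.*,!=0.42.*"  # exclude only the releases called bad in the thread
# Constructed sample of candidate websocket-client versions.
CANDIDATES = ["0.37.0", "0.40.0", "0.41.0", "0.42.1", "0.43.0", "0.44.0"]

CLAUSE = re.compile(r"(<=|>=|!=|==|<|>)\s*([0-9]+(?:\.[0-9]+)*)(\.\*)?")


def parse(version):
    """'0.41.0' -> (0, 41, 0); plain numeric release versions only."""
    return tuple(int(part) for part in version.split("."))


def pad(parts, length):
    """Right-pad with zeros so 0.40 and 0.40.0 compare equal."""
    return parts + (0,) * (length - len(parts))


def clause_ok(version, clause):
    """Evaluate one comparison clause against one version string."""
    op, target, wildcard = CLAUSE.fullmatch(clause.strip()).groups()
    v, t = parse(version), parse(target)
    if wildcard:  # prefix match, e.g. !=0.41.* masks every 0.41.x release
        if op not in ("==", "!="):
            raise ValueError("wildcard needs == or !=")
        hit = pad(v, len(t))[:len(t)] == t
        return hit if op == "==" else not hit
    n = max(len(v), len(t))
    a, b = pad(v, n), pad(t, n)
    return {"<": a < b, "<=": a <= b, ">": a > b,
            ">=": a >= b, "==": a == b, "!=": a != b}[op]


def installable(spec, candidates=CANDIDATES):
    """Versions from candidates that satisfy every comma-separated clause."""
    return [v for v in candidates
            if all(clause_ok(v, c) for c in spec.split(","))]


if __name__ == "__main__":
    print("capped:", installable(CAPPED))
    print("masked:", installable(MASKED))
```
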

Successfully merging this pull request may close these issues.

The cap on websocket-client is preventing consumption of security fixes