Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/11/08 19:27:22 UTC
[GitHub] [airflow] murilommen opened a new issue #19479: Update Werkzeug requirements.txt for Safety checks
murilommen opened a new issue #19479:
URL: https://github.com/apache/airflow/issues/19479
### Description
I am not sure exactly how to contribute or modify this, but recently [safety](https://pypi.org/project/safety/) has started to flag a security issue for `Werkzeug<=2.0.2`.
Since the latest Airflow distribution still relies on version 1.0.1, I am currently unable to pass my CI pipeline, and therefore unable to use Airflow in my project, since it requires passing Python safety's check.
### Use case/motivation
Being able to pass Python Safety checks
### Related issues
Not that I could find here
### Are you willing to submit a PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] boring-cyborg[bot] commented on issue #19479: Update Werkzeug requirements.txt for Safety checks
Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #19479:
URL: https://github.com/apache/airflow/issues/19479#issuecomment-963499486
Thanks for opening your first issue here! Be sure to follow the issue template!
[GitHub] [airflow] potiuk commented on issue #19479: Update Werkzeug requirements.txt for Safety checks
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #19479:
URL: https://github.com/apache/airflow/issues/19479#issuecomment-963507252
Werkzeug <2.0 is required by Flask, which we are using. Upgrading to 2+ might require a lot of changes. This is something that will not happen quickly (maybe even months), so I suggest you implement some exception in your pipeline.
[GitHub] [airflow] potiuk commented on issue #19479: Update Werkzeug requirements.txt for Safety checks
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #19479:
URL: https://github.com/apache/airflow/issues/19479#issuecomment-963509138
BTW, the fact that some tool flags a dependency as vulnerable does not automatically mean that the application using it is vulnerable (otherwise pretty much any application out there would be vulnerable). If you do think there is a vulnerability that applies to Airflow, you should follow the security policy and report it with all details via security@apache.org: https://github.com/apache/airflow/security/policy
[GitHub] [airflow] mik-laj commented on issue #19479: Update Werkzeug requirements.txt for Safety checks
Posted by GitBox <gi...@apache.org>.
mik-laj commented on issue #19479:
URL: https://github.com/apache/airflow/issues/19479#issuecomment-963509420
This may be problematic, because Flask==1.1.4 requires Werkzeug>=0.15,<2.0. Updating Flask may require updating many libraries including Flask-AppBuilder==3.3.3 (requires: Flask>=0.12,<2), Flask-JWT-Extended==3.25.1 (requires: Flask>=1.0,<2.0).
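The constraint chain described in the comment above, worked through as an added example (not code from the Airflow project or from anyone in the thread). The pins and ranges are the ones quoted in the thread; the candidate versions `2.0.3` and `2.0.0` are constructed assumptions, and the small specifier matcher handles plain numeric versions only.

```python
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq}

def parse_version(text):
    """'1.1.4' -> (1, 1, 4). Handles plain numeric versions only."""
    return tuple(int(part) for part in text.split("."))

def satisfies(version, spec):
    """True if `version` meets every clause of a spec such as '>=0.15,<2.0'."""
    v = parse_version(version)
    for clause in spec.split(","):
        op, bound = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*([\d.]+)\s*", clause).groups()
        b = parse_version(bound)
        width = max(len(v), len(b))  # pad so that 2.0 and 2.0.0 compare equal
        if not OPS[op](v + (0,) * (width - len(v)), b + (0,) * (width - len(b))):
            return False
    return True

# Declared ranges of the pinned packages, as quoted in the thread.
REQUIRES = {
    "Flask": {"Werkzeug": ">=0.15,<2.0"},            # Flask==1.1.4
    "Flask-AppBuilder": {"Flask": ">=0.12,<2"},      # Flask-AppBuilder==3.3.3
    "Flask-JWT-Extended": {"Flask": ">=1.0,<2.0"},   # Flask-JWT-Extended==3.25.1
}
FLAGGED = {"Werkzeug": "<=2.0.2"}                    # range reported by safety
# Constructed candidates (assumption): a Werkzeug outside the flagged range,
# and a Flask 2.x assumed to be what would accept it.
CANDIDATES = {"Werkzeug": "2.0.3", "Flask": "2.0.0"}

def blockers(package, candidate):
    """Pinned packages whose declared range rejects `candidate` of `package`."""
    return sorted(parent for parent, deps in REQUIRES.items()
                  if package in deps and not satisfies(candidate, deps[package]))

def upgrade_chain(package):
    """Every (blocking package, dependency, range) that must move, walking upward."""
    chain, queue = [], [package]
    while queue:
        pkg = queue.pop(0)
        for parent in blockers(pkg, CANDIDATES[pkg]):
            chain.append((parent, pkg, REQUIRES[parent][pkg]))
            if parent in CANDIDATES:
                queue.append(parent)
    return chain

if __name__ == "__main__":
    for parent, dep, spec in upgrade_chain("Werkzeug"):
        print(f"{parent} requires {dep}{spec}")
```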
[GitHub] [airflow] murilommen closed issue #19479: Update Werkzeug requirements.txt for Safety checks
Posted by GitBox <gi...@apache.org>.
murilommen closed issue #19479:
URL: https://github.com/apache/airflow/issues/19479
[GitHub] [airflow] murilommen commented on issue #19479: Update Werkzeug requirements.txt for Safety checks
Posted by GitBox <gi...@apache.org>.
murilommen commented on issue #19479:
URL: https://github.com/apache/airflow/issues/19479#issuecomment-965729705
Thank you so much for the inputs! I have just raised a specific exception for it in my automation pipeline. That was the kind of insight I was looking for 😄 Cheers!