Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PNDA-4800 Fix for known vulnerabilities for python notebook,paramiko #239

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

PNDA-4800 Fix for known vulnerabilities for python notebook,paramiko #239

wants to merge 1 commit into from

Conversation

janselva
Copy link
Contributor

  • updated the paramiko version
  • Updated the notebook package, also its dependencies packages.

@trsmith2
Copy link
Member

trsmith2 commented Aug 22, 2018
edited
Loading

Would it be possible to make the necessary changes but keep the organization of the file the same, as it will then be much easier to review. I do agree that the order should be corrected, but let's do that as a separate change as we know that will be of no functional consequence and can treat it accordingly.

@janselva
Copy link
Contributor Author

janselva commented Aug 27, 2018
edited
Loading

Fixed the review comments
Dependent PRs.
pndaproject/platform-salt#619
#239
pndaproject/platform-deployment-manager#93

@trsmith2 trsmith2 self-requested a review August 28, 2018 14:57
trsmith2
trsmith2 previously approved these changes Aug 28, 2018
View reviewed changes
Copy link
Member

@trsmith2 trsmith2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making the change clearer. In order to merge this and related PRs, we'll need to understand why dependencies that were previously only needed for python3 now need to be included for python2, and vice versa.

@janselva
Copy link
Contributor Author

Jupyter extension installing "widgets extension" package in PY2 this will require a notebook package. The newer version of notebook package requires the additional dependencies, this is not resolved by py2, that's why added the additional packages into PY2.

https://github.com/pndaproject/platform-salt/blob/32ce55fc26d811d78a0f2b042c505ca454456495/salt/jupyter/templates/requirements-jupyter-extensions.txt.tpl#L4

https://github.com/pndaproject/platform-salt/blob/32ce55fc26d811d78a0f2b042c505ca454456495/salt/jupyter/extensions.sls#L43

@trsmith2
Copy link
Member

Yes, but it seems odd that these dependencies are required for both python2 and 3, wouldn't you agree? Why can't they all be python3 for example? I'm questioning the code you're modifying, more than your change, which makes sense if they are indeed required.

@trsmith2 trsmith2 added the 5.2 label Aug 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trsmith2 trsmith2 trsmith2 left review comments

Assignees
No one assigned
Labels
5.2
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@janselva @trsmith2