Skip to content

build: update jinja to 2.10.1. #6623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 18, 2019
Merged

build: update jinja to 2.10.1. #6623

merged 2 commits into from
Apr 18, 2019

Conversation

htuch
Copy link
Member

@htuch htuch commented Apr 17, 2019

GitHub was complaining that 2.10 was problematic security wise; I don't
think it's an issue in our environment, but this should make the
warnings go away.

Signed-off-by: Harvey Tuch htuch@google.com

@htuch
build: update jinja to 2.10.1.
553e92b 
GitHub was complaining that 2.10 was problematic security wise; I don't
think it's an issue in our environment, but this should make the
warnings go away.

Signed-off-by: Harvey Tuch <htuch@google.com>
@htuch htuch requested a review from junr03 April 17, 2019 17:16
@moderation
Copy link
Contributor

moderation commented Apr 17, 2019
edited
Loading

Prior to 2.10.1 they provided developer generated tars and shas. 2.10.1 doesn't have these so if we want to pull into repository_locations.bzl we need to change the download URL. Should we add that dependency to this PR? https://github.com/pallets/jinja/releases/tag/2.10.1. I'm happy to include in a follow up dependency PR

@htuch
Copy link
Member Author

htuch commented Apr 17, 2019

@moderation I'm not so concerned about bumping to 2.10.1 for the Bazel side, since this is only test code consuming, but I think it would be a valuable followup to ensure that we are able to maintain consistent versions of Jinja going forward. I wonder if we can mechanically extract the version and verify it in some test from the requirements.txt and repository_locations.bzl.

@lizan
Copy link
Member

lizan commented Apr 17, 2019

/retest

@repokitteh-read-only
Copy link

🔨 rebuilding ci/circleci: coverage (failed build)

🐱

Caused by: a #6623 (comment) was created by @lizan.

see: more, trace.

junr03
junr03 approved these changes Apr 18, 2019
View reviewed changes
Copy link
Member

@junr03 junr03 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. @moderation do you mind opening a small issue to track the bazel side, and the consistent versioning across the repo? I feel that otherwise we are just going to forget about it. Thanks!

@mattklein123
Copy link
Member

Going to merge this to remove the warning. Let's definitely get the other issue opened per @junr03

@mattklein123 mattklein123 merged commit 788e66d into envoyproxy:master Apr 18, 2019
@htuch
Copy link
Member Author

htuch commented Apr 18, 2019

Tracking at #6634

@htuch htuch deleted the jinja-2.10.1 branch April 18, 2019 12:30
mpuncel added a commit to mpuncel/envoy that referenced this pull request Apr 19, 2019
@mpuncel
Merge branch 'master' into mpuncel/hedging-impl
88b2c8b 
* master: (26 commits)
  docs: update docs to recommend /retest repokitteh command (envoyproxy#6655)
  http timeout integration test: wait for 15s for upstream reset (envoyproxy#6646)
  access log: add response code details to the access log formatter (envoyproxy#6626)
  build: add ppc build badge to README (envoyproxy#6629)
  Revert dispatcher stats (envoyproxy#6649)
  Batch implementation with timer (envoyproxy#6452)
  fault filter: reset token bucket on data start (envoyproxy#6627)
  event: update libevent dependency to fix race condition (envoyproxy#6637)
  examples: standardize docker-compose version and yaml extension (envoyproxy#6613)
  quiche: Implement SpdyUnsafeArena using SpdySimpleArena (envoyproxy#6612)
  router: support customizable retry back-off intervals (envoyproxy#6568)
  api: create OpenRCA service proto file (envoyproxy#6497)
  ext_authz: option for clearing route cache of authorized requests (envoyproxy#6503)
  build: update jinja to 2.10.1. (envoyproxy#6623)
  tools: check spelling in pre-push hook (envoyproxy#6631)
  security: blameless postmortem template. (envoyproxy#6553)
  Implementing Endpoint lease for ClusterLoadAssigment (envoyproxy#6477)
  add HTTP integration tests exercising timeouts (envoyproxy#6621)
  event: fix DispatcherImplTest::InitializeStats flake (envoyproxy#6619)
  Add tag extractor for RDS route config name (envoyproxy#6618)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
2 more reviewers

@lizan lizan lizan approved these changes

@junr03 junr03 junr03 approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@junr03 junr03

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@htuch @moderation @lizan @mattklein123 @junr03