Closed flippingbits closed 1 year ago
Kudos, SonarCloud Quality Gate passed!
Is there a way to define the Python version in requirements or somewhere else? I ran into the issue that some packages were not available.
The used modules require Python 3.7 or newer.
I don't know if you can require specific Python versions in the `requirements.txt`, but the Dockerfile, which we are using to build the python-runner image, defines a Python version.
I guess this only affects your local development environment? What about extending the README with the required Python version? I suggest opening another issue/PR to deal with it, so that we do not delay merging this security fix.
I think it's fine. We can move to `pyproject.toml` on the next iteration. https://pip.pypa.io/en/stable/reference/build-system/pyproject-toml/
Dependabot reported an unintended leak of the `Proxy-Authorization` header in the version of the `requests` library that we are using (all versions < 2.31.0 are affected). This commit updates the `python_runner/requirements.txt` and requires a version of `requests` where this issue has been fixed (>= 2.31.0).
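
Added example, not part of this PR or the project's code: a small CI-style check that flags any `requests` line in a requirements file that still admits a release below 2.31.0, the floor stated in the description above. The function names and the sample input are assumptions made for illustration.

```python
import re

FIXED = (2, 31, 0)  # first fixed requests release, per the PR description
FLOOR_OPS = {">=", ">", "==", "===", "~="}  # operators that can set a lower bound


def _release(version):
    """Leading numeric release of a version string, padded to three parts."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def vulnerable_requests_pins(requirements_text):
    """Return the requests requirement lines that admit a version below FIXED."""
    findings = []
    for raw in requirements_text.splitlines():
        # Drop trailing comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$", line)
        if not m or m.group(1).lower() != "requests":
            continue  # other packages, options such as "-r", blank lines
        clauses = re.findall(r"(===|~=|==|>=|<=|!=|>|<)\s*([^,\s]+)", m.group(2))
        # Conservative rule: safe only if some clause sets a floor at or above
        # FIXED. Unpinned lines and upper-bound-only lines are reported.
        safe = any(
            op in FLOOR_OPS and (_release(ver) or (0,)) >= FIXED
            for op, ver in clauses
        )
        if not safe:
            findings.append(raw.strip())
    return findings


# Constructed sample input, not the project's real requirements file.
SAMPLE = """\
requests==2.28.2
requests-oauthlib>=1.3
requests[socks]>=2.31.0 ; python_version >= "3.7"
Requests>=2.25,<3
"""

if __name__ == "__main__":
    for pin in vulnerable_requests_pins(SAMPLE):
        print("admits requests < 2.31.0:", pin)
```

The check only inspects direct pins; a transitive dependency can still pull in an older `requests` unless the floor is also enforced through a constraints file or a lock file.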