Upgrade CKAN 2.9.7

[jbrown-xentity]

User Story

In order to keep catalog and inventory on latest versions of software, data.gov admins want CKAN upgraded in catalog and inventory to 2.9.7.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• [x] GIVEN catalog has been fully tested on CKAN2.9.7 \ WHEN visit https://catalog.data.gov/api/action/status_show \ THEN output contains "ckan_version": "2.9.7"
• [x] GIVEN inventory has been fully tested on CKAN2.9.7 \ WHEN visit https://inventory.data.gov/api/action/status_show \ THEN output contains "ckan_version": "2.9.7"

Background

Security Considerations (required)

None

Sketch

Should do the following for both applications:

• Upgrade CKAN in requirements.in and requirements.txt
• Allow automated tests to run
• Push to dev (git push origin feature-branch:develop), validate key use cases (login, etc)
• Create PR with notes on testing/validation
• Merge and let release roll

[jbrown-xentity]

Please note I already saw https://github.com/keitaroinc/ckanext-saml2auth/pull/74, which is a proposed change to work with 2.9.6. So it's already known (since release less than 48 hours ago) that there are breaking changes. It's ok to give this a week or 2, to make sure there aren't any other breaking changes.

[jbrown-xentity]

After reviewing the changelog, I think there aren't any super important fixes that apply to us. We don't have to make this a high priority.

[jbrown-xentity]

2.9.7 was released today, due to an account vulnerability. We have already triaged this vulnerability and it doesn't affect us, so this doesn't change the priority. See https://github.com/ckan/ckan/blob/ckan-2.9.7/CHANGELOG.rst

[hkdctol]

Bringing in to at least investigate the impact

[nickumia-reisys]

This has been completed. The only anomaly in this work was a ckanext-geodatagov test which has been documented in this ADR.