ScilifelabDataCentre / dds_web

A cloud-based system for the delivery of data from SciLifeLab Facilities to their users (e.g. research group).

Updated Pillow to the latest stable version #1486

Closed rv0lt closed 10 months ago

rv0lt commented 10 months ago

Read this before submitting the PR

  1. Always create a Draft PR first
  2. Go through sections 1-5 below, fill them in and check all the boxes
  3. Make sure that the branch is updated; if there's an "Update branch" button at the bottom of the PR, rebase or update branch.
  4. When all boxes are checked, information is filled in, and the branch is updated: mark as Ready For Review and tag reviewers (top right)
  5. Once there is a submitted review, implement the suggestions (if reasonable, otherwise discuss) and request a new review.

If there is a field which you are unsure about, enter the edit mode of this description or go to the PR template; there are invisible comments providing descriptions which may be of help.

1. Description / Summary

Updated Pillow package to the latest stable version (10.1.0) to fix known vulnerability issues related:

Several Jira tasks are related to this one because all these vulnerabilities should be fixed once the package is updated.


Procedure followed to update package:

  1. Check the latest stable release in the documentation (https://pypi.org/project/Pillow/)
  2. Because the change was in a major version (from 9.X.X to 10.X.X), ensure that the incompatible changes do not affect the code, or address them if they do
  3. Because other packages can also use this one, ensure dependency resolution with PIP

2. Jira task / GitHub issue

https://scilifelab.atlassian.net/jira/software/projects/DDS/boards/13?selectedIssue=DDS-1804

3. Type of change

What type of change(s) does the PR contain?

Check the relevant boxes below. For an explanation of the different sections, enter edit mode of this PR description template.

4. Additional information

5. Actions / Scans

Check the boxes when the specified checks have passed.

For information on what the different checks do and how to fix it if they're failing, enter edit mode of this description or go to the PR template.
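A pin check for the "ensure the bump actually landed" part of the procedure above, as an added example that is not part of this PR or of the dds_web code base: it parses a requirements file and reports any Pillow line that could still resolve below 10.1.0, including an unpinned name or an upper bound alone. The regexes, the `find_unsafe_pins` name and the sample file are constructed for this example.

```python
import re

# Floor per normalised project name: this PR bumps Pillow to 10.1.0, so any requirement
# line that can still resolve below that version is reported.
MIN_SAFE_VERSIONS = {"pillow": "10.1.0"}

# Requirement line = name, optional [extras], then the specifier list (e.g. ">=10.1.0,<11").
# Assumption: plain pins only; URLs and environment markers are not handled.
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
_SPEC_RE = re.compile(r"(==|~=|>=|>|<=|<|!=)\s*(\d[\w.*]*)")

def normalize_name(name: str) -> str:
    # PyPI-style normalisation: 'Pillow', 'pillow' and 'PILLOW' name the same project
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version: str) -> tuple:
    # '10.1.0' -> (10, 1, 0); suffixes such as 'rc1' are dropped, enough for a floor check
    return tuple(int(re.match(r"\d*", p).group() or 0) for p in version.split("."))

def version_lt(a: str, b: str) -> bool:
    # Pad so that '10.1' compares equal to '10.1.0' instead of sorting before it
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    return ka + (0,) * (width - len(ka)) < kb + (0,) * (width - len(kb))

def find_unsafe_pins(requirements_text: str, minimums=MIN_SAFE_VERSIONS) -> list:
    """Return (name, specifier) for each line that can still resolve below its floor.
    Safe only when some lower bound (==, ~=, >=, >) is at or above the floor; an unpinned
    name or an upper bound alone still admits every older release."""
    findings = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = _REQ_RE.match(line) if line else None
        if not m or normalize_name(m.group(1)) not in minimums:
            continue
        name, spec = m.groups()
        floor = minimums[normalize_name(name)]
        lower_bounds = [v for op, v in _SPEC_RE.findall(spec) if op in ("==", "~=", ">=", ">")]
        if all(version_lt(v, floor) for v in lower_bounds):  # vacuously true when unpinned
            findings.append((name, spec.strip()))
    return findings

# Constructed sample, not the project's real requirements file.
SAMPLE_REQUIREMENTS = """\
Flask==2.2.5
Pillow==9.3.0   # the pin this PR replaces
qrcode[pil]>=7.4
pillow_heif>=0.13
"""
```

Run it against the repository's requirements file in CI and fail the job when the returned list is non-empty; `pillow_heif` is deliberately in the sample to show that name normalisation does not confuse it with `pillow`.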

codecov[bot] commented 10 months ago

Codecov Report

Merging #1486 (51c42c3) into dev (5423eb4) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##              dev    #1486   +/-   ##
=======================================
  Coverage   91.48%   91.48%           
=======================================
  Files          29       29           
  Lines        4617     4617           
=======================================
  Hits         4224     4224           
  Misses        393      393           

rv0lt commented 10 months ago

Good, thorough documentation of this in the PR description.

Since this is used by qrcode, did you do any manual tests as well? E.g. Setting up 2FA with authenticator app with Pillow==9.3.0 and then try authenticating after Pillow had been bumped?

I just finished manually testing both: the next version sets up the two-factor, and updating the backend container from 9 to 10 also keeps working and still generates a valid QR.

i-oden commented 10 months ago

Good, thorough documentation of this in the PR description. Since this is used by qrcode, did you do any manual tests as well? E.g. Setting up 2FA with authenticator app with Pillow==9.3.0 and then try authenticating after Pillow had been bumped?

I just finished manually testing both: the next version sets up the two-factor, and updating the backend container from 9 to 10 also keeps working and still generates a valid QR.

Great! I'll do the same type of testing during the day and then I'll add a final review.

i-oden commented 10 months ago

@rv0lt ok to merge when you're ready