Closed cris-oddball closed 1 year ago
This is at risk because QA cutoff is Thursday at 2 pm ET. If no one can pick this up tomorrow and let us know the scope to confirm it's possible by then we will need to pull it from the sprint. CC @tabinda-syed
Created ticket #1380 to address conflict that occurred with PyJWT>=2.8.0
Results of regular upgrade
This particular dependabot fixed: https://github.com/department-of-veterans-affairs/notification-api/security/dependabot/33
No new Twistlock issues resolved. In fact, one new one found for pypdf2, which will be cleared when the two tickets to change to pypdf are worked.
PERF: 130 passed, 2 skipped, 3 xfailed in 119.36s (0:01:59)
Leaving open until tomorrow morning to ensure that BigQuery still has data.
BQ data exists for the previous day; closing ticket.
whoops, cannot close this ticket - I just deployed the perf branch, this code has not yet been merged to master.
Closing - this did get merged yesterday!
User Story - Business Need
We wish to keep dependencies up to date so we do not need such massive overhauls of our system. This will be a recurring ticket that will be done every sprint. We will update all dependencies we are able to. Any conflicts will get a ticket. This is intended to be a day of work at most because this is intended to update with only non-breaking changes.
User Story
As VA Notify I want to keep our service up to date So that we are secure and as free of bugs as possible
Additional Info and Resources
Engineering Checklist
Acceptance Criteria
Repo dependencies are updated and we have no broken functionality. Issues opened by Dependabot are resolved. Tickets created for any updates we could, or should, not do.
QA Considerations