etsy / boundary-layer

Builds Airflow DAGs from configuration files. Powers all DAGs on the Etsy Data Platform
Apache License 2.0

Allow networkx<3.0 to allow security fixes #140

Open jdimatteo opened 1 year ago

jdimatteo commented 1 year ago

Description

Allow networkx<3.0 to allow security fixes

Context / Why are we making this change?

networkx before 2.6 is flagged for security vulnerabilities as described at https://security.snyk.io/vuln/SNYK-PYTHON-NETWORKX-1062709

Testing and QA Plan

How has this work been tested or QA'd?

Trusting automated test coverage.

Impact

What are the implications of these changes? Are there any cross-cutting concerns to keep in mind?

networkx<3.0 was allowed with https://github.com/etsy/boundary-layer/pull/107, but it was reverted with https://github.com/etsy/boundary-layer/pull/108, and no context was provided for why it was reverted. Hopefully this change is fine now given the passage of time.

jdimatteo commented 1 year ago

Hi, can someone please review / merge this, or let me know what changes are needed before merging this security fix?