fecgov / fec-cms

The content management system (CMS) for the new Federal Election Commission website.
https://www.fec.gov

6207-pin sqlparse to remove snyk vulnerability #6253

Closed cnlucas closed 2 months ago

cnlucas commented 2 months ago

Summary (required)

Sqlparse is brought in by Django; we need to pin it to remove a Snyk vulnerability until Django updates their min version (they have not yet in the current version).

Required reviewers

2 devs

Impacted areas of the application

General components of the application that this PR will affect:

How to test

(Include any information that may be helpful to the reviewer(s). This might include links to sample pages to test or any local environmental setup that is unusual such as environment variable (never credentials), API version to point to, etc)

  1. In dev: `snyk test --file=requirements.txt --package-manager=pip`
  2. Create new virtualenv
  3. `pyenv activate <new virtualenv>`
  4. `pip install -r requirements.txt`
  5. `npm install`
  6. `npm run build`
  7. `pytest`
  8. `cd fec/`
  9. `./manage.py runserver`
  10. `pytest`
  11. `snyk test --file=requirements.txt --package-manager=pip` (sqlparse vuln should be gone)
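
An added example, not code from this PR or from fec-cms: a small Python lint that could sit alongside the `snyk test` steps above and confirm that a transitive dependency such as sqlparse has an exact pin in requirements.txt at or above the first fixed release. The requirement lines, version numbers and `FIXED_IN` floor are constructed placeholders, and all function names are hypothetical.

```python
import re

# Constructed sample; versions and the fix floor are placeholders, not real advisory data.
SAMPLE_REQUIREMENTS = """\
Django==9.9.1
sqlparse==0.0.5  # transitive via Django, pinned for the scanner finding
requests>=1.0
-r base.txt
"""
FIXED_IN = {"sqlparse": "0.0.5"}  # package -> first fixed version (placeholder)

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
                  r"(==|>=|<=|~=|!=|<|>)?\s*([0-9]+(?:\.[0-9]+)*)?")

def normalize(name):
    """PEP 503 normalization, so 'SQLParse' and 'sqlparse' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Assumption: plain dotted numeric releases only (no rc/dev/post tags)."""
    return tuple(int(part) for part in version.split("."))

def parse_requirements(text):
    """Map normalized package name -> (operator, version) per requirement line."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("-"):  # skip blanks and pip options (-r, -e)
            continue
        match = _REQ.match(line)
        if match:
            pins[normalize(match.group(1))] = (match.group(2), match.group(3))
    return pins

def check_pins(text, fixed_in):
    """Classify each advisory package: unlisted, range, below-fix or ok."""
    pins = parse_requirements(text)
    report = {}
    for package, floor in fixed_in.items():
        pin = pins.get(normalize(package))
        if pin is None:
            report[package] = "unlisted"   # resolver picks whatever the parent allows
        elif pin[0] != "==" or pin[1] is None:
            report[package] = "range"      # listed, but not an exact pin
        elif version_key(pin[1]) < version_key(floor):
            report[package] = "below-fix"
        else:
            report[package] = "ok"
    return report
```

An "unlisted" result is the situation the PR addresses: the package is installed only because a parent requires it, so its version is whatever the parent's minimum allows.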

codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 77.92%. Comparing base (18b826d) to head (779352e).

Additional details and impacted files

```diff
@@           Coverage Diff            @@
##           develop    #6253   +/-   ##
========================================
  Coverage    77.92%   77.92%
========================================
  Files          289      289
  Lines         9364     9364
  Branches       681      681
========================================
  Hits          7297     7297
  Misses        2067     2067
```


cnlucas commented 2 months ago

Closing as now the latest version is being pulled