Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update packages + UV and bump version.txt #156

Merged
merged 3 commits into from
Dec 11, 2024

Conversation

pjonsson
Copy link
Collaborator

@pjonsson pjonsson commented Dec 6, 2024

I just noticed that Trivy flags the image for CVE-2024-52804, so update uv.lock and bump version.txt so we can make a release.

While updating, bump to latest release of uv which fixes a number of bugs. (Ruff gets strictly better for each release, so I assume it's the same with uv.)

@pjonsson pjonsson requested a review from alexgleith December 6, 2024 17:58
@pjonsson
Copy link
Collaborator Author

pjonsson commented Dec 8, 2024

@alexgleith I'm not sure what timezone you are in, but I'm hoping this is early Monday morning for you. If you have the time, it would be great if you could take a look at this PR during this week so we can get a security-fixed release out during the week.

You can discard my earlier comment about it being nice to have the odc-tools fix in the next release, my PR that (hopefully) fixes the problem on the failing Github action will probably take some time to get merged, so I'll get back to that in 2025.

@pjonsson
Copy link
Collaborator Author

Just updated the PR so the lock file now contains datacube-core 1.8.20 which restricts some versions of dependencies.

@pjonsson pjonsson merged commit 27a299c into opendatacube:main Dec 11, 2024
3 checks passed
@pjonsson pjonsson deleted the uv-sync branch December 11, 2024 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants