Update websockets dependency requirements #1027

Closed
1 of 9 tasks
ggml1 opened this issue Jun 3, 2021 · 2 comments · Fixed by #1028

Comments

Contributor

ggml1 commented Jun 3, 2021

Hey!

I have been using this SDK with a uvicorn server. They have recently upgraded the websockets requirements (link), and version 9.1 includes a fix for a security issue introduced in version 8.

Currently, they require >=9.1, while this SDK requires >=8,<9. It would be awesome if you could also bump your requirements so that we didn't need to pin the uvicorn version and could also benefit from this security fix.

I'd be happy to open a PR to help with the upgrade if needed, but I couldn't quite figure out how the library is used and what code changes might need to be done for this major upgrade.

Category (place an x in each of the [ ])

  • slack_sdk.web.WebClient (sync/async) (Web API client)
  • slack_sdk.webhook.WebhookClient (sync/async) (Incoming Webhook, response_url sender)
  • slack_sdk.models (UI component builders)
  • slack_sdk.oauth (OAuth Flow Utilities)
  • slack_sdk.socket_mode (Socket Mode client)
  • slack_sdk.audit_logs (Audit Logs API client)
  • slack_sdk.scim (SCIM API client)
  • slack_sdk.rtm (RTM client)
  • slack_sdk.signature (Request Signature Verifier)

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.

Member

seratch commented Jun 3, 2021

Hi @ggml1, thanks for sharing this! There is no blocker for upgrading the websockets dependency to the latest as it's an optional one. As this is a security update, we set 9.1 as the oldest supported version. I think we can set >=9.1,<10 this time. Your contributions would be appreciated!

ggml1 added a commit to ggml1/python-slack-sdk that referenced this issue Jun 4, 2021
Contributor Author

ggml1 commented Jun 4, 2021

Thanks @seratch! Will open a PR
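
The version conflict discussed in this thread, as an added example that is not part of the original issue or the SDK's code: it checks which websockets releases every requirer accepts, and which requirer blocks the fixed 9.1 release. The constraint strings are the ones quoted above; the candidate release list and all function names are assumptions made for illustration, and only simple comparison operators are handled, not full PEP 440.

```python
import operator
import re

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       ">": operator.gt, "<": operator.lt}


def version_key(text, width=3):
    """'9.1' -> (9, 1, 0), so 9.1 equals 9.1.0 and 9.10 sorts above 9.9."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def parse_spec(spec):
    """'>=8,<9' -> [(operator.ge, (8, 0, 0)), (operator.lt, (9, 0, 0))]."""
    clauses = []
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*([0-9]+(?:\.[0-9]+)*)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((OPS[m.group(1)], version_key(m.group(2))))
    return clauses


def allows(spec, version):
    """True when `version` satisfies every clause of `spec`."""
    v = version_key(version)
    return all(op(v, bound) for op, bound in parse_spec(spec))


def blockers(constraints, version):
    """Names of the requirers whose constraint excludes `version`."""
    return [name for name, spec in constraints.items() if not allows(spec, version)]


def installable(constraints, candidates):
    """Candidate versions accepted by every requirer."""
    return [c for c in candidates if not blockers(constraints, c)]


# Constraints as quoted in the thread; the candidate list is constructed.
CANDIDATES = ["8.1", "9.0", "9.1", "10.0"]
BEFORE = {"uvicorn": ">=9.1", "slack_sdk": ">=8,<9"}
AFTER = {"uvicorn": ">=9.1", "slack_sdk": ">=9.1,<10"}

if __name__ == "__main__":
    print("before:", installable(BEFORE, CANDIDATES),
          "| blocking 9.1:", blockers(BEFORE, "9.1"))
    print("after: ", installable(AFTER, CANDIDATES))
```
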
