Skip to content

mitigate urlllib3 vulnerabilies#53

Merged
flamingbear merged 3 commits intomainfrom
mhs/update-deps
Dec 17, 2025
Merged

mitigate urlllib3 vulnerabilies#53
flamingbear merged 3 commits intomainfrom
mhs/update-deps

Conversation

@flamingbear
Copy link
Copy Markdown
Member

@flamingbear flamingbear commented Dec 16, 2025

Description

Bumps harmony-service-lib to mitigate vulnerabilities.

Opted not to release this version.

Jira Issue ID

None

Local Test Steps

Build and test this branch.

❯ ./bin/build-image && ./bin/build-test && ./bin/run-test

Run HGA regression tests against locahost.

PR Acceptance Checklist

  • [N/A] Jira ticket acceptance criteria met.
  • [N/A] version.txt and CHANGELOG.md updated if any service code is changed.
  • [N/A] Tests added/updated and passing.
  • [N/A] Documentation updated (if needed).

@flamingbear flamingbear mentioned this pull request Dec 16, 2025
Closed
@owenlittlejohns
Copy link
Copy Markdown
Member

owenlittlejohns commented Dec 16, 2025

The change makes sense and I can see the CI/CD passing. I will be able to run the tests locally potentially tomorrow or Wednesday, and then I'll stick a big thumbs up on this PR.

owenlittlejohns
owenlittlejohns approved these changes Dec 17, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@owenlittlejohns owenlittlejohns left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes make sense and I've run the tests locally to confirm that they still pass. Thanks for patching this.

@owenlittlejohns
Copy link
Copy Markdown
Member

owenlittlejohns commented Dec 17, 2025

I guess - should we cut a release? If this was an operational service, I probably would push for it, because the point of updating the dependencies is to remove the vulnerability from operational code. But this isn't deployed, so maybe it's not so much of an issue? 🤷

@flamingbear flamingbear merged commit 49ede7c into main Dec 17, 2025
4 checks passed
@flamingbear flamingbear deleted the mhs/update-deps branch December 17, 2025 16:05
@flamingbear flamingbear mentioned this pull request Dec 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@owenlittlejohns owenlittlejohns owenlittlejohns approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@flamingbear @owenlittlejohns