Skip to content

Switch to Python 3.12 and regenerate poetry.lock to unblock Pillow up…#438

Merged
openshift-merge-bot[bot] merged 1 commit intoopendatahub-io:stable-2.xfrom
rpancham:pillow
Mar 3, 2026
Merged

Switch to Python 3.12 and regenerate poetry.lock to unblock Pillow up…#438
openshift-merge-bot[bot] merged 1 commit intoopendatahub-io:stable-2.xfrom
rpancham:pillow

Conversation

@rpancham
Copy link
Copy Markdown
Contributor

@rpancham rpancham commented Mar 3, 2026

This PR updates the container runtime to use Python 3.12 and aligns project metadata and dependencies accordingly.

Changes included:

  • Establish Python 3.12 in the Dockerfile so all dependency resolution occurs under Python 3.12.
  • Update the Python version constraint in pyproject.toml to allow Python 3.12.
  • Regenerate poetry.lock under Python 3.12 to ensure consistent and reproducible dependency resolution.

This unblocks upgrading Pillow to a supported version (>=12.1.1), addressing the identified security vulnerability. No functional behavior changes are expected beyond the runtime and dependency alignment.

Addresses: https://issues.redhat.com/browse/RHOAIENG-49438

@openshift-ci openshift-ci bot requested review from Xaenalt and dtrifiro March 3, 2026 17:17
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 3, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rpancham

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Mar 3, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 3, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (4)
  • main
  • master
  • incubation
  • rhoai

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@RH-steve-grubb
Copy link
Copy Markdown

RH-steve-grubb commented Mar 3, 2026

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Mar 3, 2026
@rpancham rpancham removed request for Xaenalt and dtrifiro March 3, 2026 17:22
@openshift-merge-bot openshift-merge-bot bot merged commit 2ed53e7 into opendatahub-io:stable-2.x Mar 3, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edwardquarm edwardquarm Awaiting requested review from edwardquarm

@RH-steve-grubb RH-steve-grubb Awaiting requested review from RH-steve-grubb

Assignees

@RH-steve-grubb RH-steve-grubb

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rpancham @RH-steve-grubb