Bump aiohttp across services, images, and packages #3178
Conversation
SorenSpicknall
requested review from
evansiroky,
tiffanychu90 and
hunterowens
as code owners
There was a problem hiding this comment.
Technical changes LGTM, but nitpick that airflow is checked off for aiohttp in #3165 when not changed in this PR.
For actions after merge, what would you plan to do with the two Airflow changes that aren't going to be made now -- would you just close those two dependabot PRs with a comment, or leave them open with a comment, or maybe make a new separate issue to start aggregating changes that we assume should be handled by the upcoming Airflow upgrade?
Before I took on primary stewardship of this genre of task, it appears that previous maintainers tended to close accompanying Issues. I'm supportive of that general tact, since upgrades to Airflow itself naturally prompt upgrades to underlying dependencies and it's not particularly useful to track these small dependency changes in detail. One thing I will do is create an Issue to configure dependabot behavior to ignore certain parts of the repo, something we don't do by default - that way we're not prompted for updates to certain files that need to be manually maintained, like |
Description
Bumps aiohttp across each relevant import, except in /airflow (which we try to keep in relative parity with the version deployed via Composer). Doesn't touch the
cryptographyimport mentioned in #3165 for the same reason (parity for Composer in /airflow).Resolves #3165
Type of change
How has this been tested?
Each relevant image built locally prior to merging. Some CI tasks will also build images.
Post-merge follow-ups