Skip to content

chore: fix werkzeug lower versions #1104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 14, 2025
Merged

chore: fix werkzeug lower versions #1104

merged 1 commit into from
May 14, 2025

Conversation

eladkal
Copy link
Contributor

@eladkal eladkal commented May 14, 2025

No description provided.

@eladkal eladkal mentioned this pull request May 14, 2025
Merged
@tiwarishubham635
Copy link
Contributor

Instead of adding different versions for different python versions, can we use a minimum version that at least supports all the versions?

@eladkal
Copy link
Contributor Author

eladkal commented May 14, 2025

Instead of adding different versions for different python versions, can we use a minimum version that at least supports all the versions?

I think it's best to keep with the official library recommendations. When it specifically mentioned support added/removed I used these versions.

@tiwarishubham635
Copy link
Contributor

Let me know if you want to do any more changes, we can merge it then

@eladkal
Copy link
Contributor Author

eladkal commented May 14, 2025

no more changes
hope to get it released soon as apache/airflow#50221 is depended on next release

@keyboSlice
Copy link

Hi there, I'm seeing snyk raise vulnerability warnings for remote code execution for werkzeug < 3.0.3, where werkzeug is added as a dependency of sendgrid-python - do you know if the sendgrid-python package is compatible with werkzeug > 3.0.0 and would it be ok to raise a PR to add that version here?

@tiwarishubham635
Copy link
Contributor

tiwarishubham635 commented May 14, 2025
edited
Loading

Hi @keyboSlice! Please refer this file for version wise support. If everything is fine, we can merge this. Thanks!

@keyboSlice
Copy link

Thanks for the fast reply @tiwarishubham635 that's very useful

@tiwarishubham635 tiwarishubham635 merged commit 4671192 into sendgrid:main May 14, 2025
9 checks passed
@eladkal eladkal deleted the wer2 branch May 14, 2025 19:57
@ranjanprasad1996
Copy link
Contributor

@tiwarishubham635 Seeing vulnerability on werkzeug on build 6.12.2 with python3.10. Could you please let me know when this will be relesed? Thanks

@tiwarishubham635
Copy link
Contributor

We have a biweekly cadence for release. The next release is scheduled to for May 29. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiwarishubham635 tiwarishubham635 tiwarishubham635 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@eladkal @tiwarishubham635 @keyboSlice @ranjanprasad1996