fix: upgrade the version of python from 3.9 to 3.12 as it is reaching EOL in Dec 2025, across all yml, tf templates, github workflows etc #320
+134
−100
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… EOL in Dec 2025, across all yml, tf templates, github workflows etc
…ies found during the scans, that are failing the github workflow
…(^2.5.0) that fail the github workflow checks
…ving type ignore where not required
… to version upgrade found for black and boto3 versions, as their versions have already been upgraded; fixing argument types for ignore
… been fixed; add ignore for certain non-conclusive flake8 checks; undoing the changes for inspector.py
…resolve vulnerabilities
…es, as even after the version upgrades the vulnerabilities are not getting resolved in the github workflow
…etry for installing dependencies for fixing vulnerabilities for black and urllib versions
…ety-policy.json file
…n the github workflow, as it prevents the installation of secure versions of packages like black and urllib3 leading to vulnerabilities
…sion dependency vulnerabilities
…vulnerabilities that persist for black and urllib3 packages
…safety on a clean environment
… to find security vulnerabilities for urllib3 and black
…t still come up due to caching
…to pull_request as the vulnerability fixes due to caching of poetry.lock were not getting addressed
davidhessler
requested changes
Nov 11, 2025
aws_sra_examples/terraform/solutions/inspector/configuration/variables.tf
Show resolved
Hide resolved
…ckov scan finding -- CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
…ssociated with main, and not keep using the pull_request_target
…s installation from the cache
Contributor
Author
|
The 'safety - Python Dependency Check/Linting (3.9) (pull_request_target)' fails because this action runs on the target branch/fork i.e. Also, added dependabot to automate Python upgrades in the future |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fix: upgrade the version of python from 3.9 to 3.12 as it is reaching EOL in Dec 2025, across all yml, tf templates, github workflows etc
Fixes #
By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license].
Apache 2.0 License