-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Online show output of backup process #679
base: master
Are you sure you want to change the base?
Online show output of backup process #679
Conversation
Has a merge conflict. Probably from this PR: https://github.com/SensorsIot/IOTstack/pull/689/files |
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273
…e8ed24fee [Snyk] Security upgrade pygments from 2.12.0 to 2.15.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe look at #723 - when I was doing test builds of Bookworm I found it useful to remove all pins from both requirements files and just accept the latest and greatest.
…p-show-process # Conflicts: # scripts/backup.sh
@Slyke sorry for late answer. Resolved |
I think that this approach can lead to side problems. |
Acknowledged. But, tell me, do you know that (a) your change and (b) all the other pins (the ones you haven't changed) work on both Bullseye and Bookworm (and, to some extent for the IOTstack users who are still using it, Buster), or do you only know it works in your current environment? Please don't misinterpret that as either a criticism or an accusation or anything along those lines because that isn't what I mean. I really do want to know if you've tested more widely? That's the basic problem I'm trying to solve. I also acknowledge that removing all pins is a bit of a sledgehammer to crack a nut but it's what turned out to be needed for IOTstack to work with Bookworm, plus it turned out to be backwards compatible with Bullseye. I'm trying to get ahead of the game so that, come the day the Raspberry Pi Foundation releases a Bookworm version of Raspberry Pi OS, we don't get swamped with issues all starting with "my menu is broken". To be perfectly honest, this is one of the reasons I dislike the use of Python for basic IOTstack functionality. I think old-menu was better in that respect. I'd really like to see a return to bash with all updating of prerequisites managed via In fiddling about with the current menu on both ProxMox guests and Docker Desktop for Mac, a fair whack of things just don't work cross-platform and I think the "security enhancements" for Python are the nub of that problem. I "get" where the Python people are coming from too but I have no idea what challenges progeny-of-Bookworm will bring. I suspect the chances of the current workarounds for Bookworm continuing to work long term are low. It makes me worry. |
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
…ff17d6161 [Snyk] Security upgrade jinja2 from 3.0.3 to 3.1.3
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Things have moved on a bit since you first proposed this PR (I have no idea why it has been left pending all this time). There's a problem if you try to install IOTstack on Bookworm and also want to maintain compatibility with Bullseye and Buster, which has been solved by removing all version pinning from both requirements files.
What happens now is you get the latest version of each requirement as it is appropriate to the system you're running on. Since implementing that we haven't had any issues in the pattern "X doesn't work on Y OS and I solved it by pinning X to version Z" so I'd say IOTstack (in the form of the menu and mkdocs) doesn't have any particular version dependencies at the moment.
Having said all that , I'm no Python guru so ...
@Paraphraser ok, I've changed |
@Slyke solved. |
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
…c2a8780db [Snyk] Security upgrade requests from 2.31.0 to 2.32.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've just tested requests>=2.32.0
on Bookworm and Bullseye. Works OK on both.
Hello, the manual backup script gives out information only at the end of the work. It's not possible to see anything in the process and it's not at all clear at what stage we are.
This pull request eliminates this injustice.