Skip to content

fix(general): unpin boto3 and botocore versions #6071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Aug 10, 2025
Merged

fix(general): unpin boto3 and botocore versions #6071

merged 16 commits into from
Aug 10, 2025

Conversation

harryzcy
Copy link
Contributor

@harryzcy harryzcy commented Mar 5, 2024
edited by baz-reviewer bot
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Unpin boto3 and botocore as the bug from botocore is marked as resolved. That issue is related to urllib3 2.2.0 specifically.

Previous PRs that pinned the version: #6011, #6016

Fix: #6050

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Unpins the boto3 and botocore versions in the project dependencies. This change allows for more flexibility in using newer versions of these libraries, while still maintaining compatibility with the current codebase. The modification affects both the Pipfile and setup.py files, ensuring consistency across different package management systems.

TopicDetails
Dependency Update Updates the boto3 dependency version constraint in Pipfile and setup.py
Modified files (3)
  • setup.py
  • Pipfile.lock
  • Pipfile
Latest Contributors(2)
UserCommitDate
tjwaldfeat-general-initial-s...January 23, 2025
tsmithv11chore-secrets-bump-det...December 19, 2024
This pull request is reviewed by Baz. Join @harryzcy and the rest of your team on (Baz).

@Saarett
Copy link
Contributor

Saarett commented Jul 1, 2024

Hi @harryzcy ,
That’s a good input, although I’m not sure it really affects anything as it is right now. If you think it is necessary to have this change, I’d appreciate it if you could resolve the conflicts, and we will rerun our tests.

Thanks!

@SayantanKhanra10
Copy link

@Saarett it does create an issue while locking dependencies if i want to use a much more newer version of boto3 in my project. I am planning to implement checkov with cdktf in my project and un-pining this will help us move forward.

@harryzcy can you please resolve the conflicts?

@harryzcy
Copy link
Contributor Author

@Saarett @SayantanKhanra10 merge conflicts fixed

@harryzcy
Copy link
Contributor Author

Conflict resolved

@AdamDev
Copy link
Contributor

AdamDev commented Jan 5, 2025

Hi @harryzcy, can you please resolve the conflicts?

@harryzcy
Copy link
Contributor Author

Hi @harryzcy, can you please resolve the conflicts?

Resolved

gruebel
gruebel reviewed Jan 10, 2025
View reviewed changes
@harryzcy
Copy link
Contributor Author

harryzcy commented Feb 5, 2025

Updated and recreated lock file with python 3.8 @gruebel

@harryzcy
Copy link
Contributor Author

@tsmithv11 @kartikp10 Hi maintainers, this PR is open for a year now. Can you review and move this forward?

@chpl chpl mentioned this pull request May 25, 2025
Open
5 tasks
@achiar99
Copy link
Contributor

Hi @harryzcy please resolve the conflicts

@harryzcy
Copy link
Contributor Author

Hi @harryzcy please resolve the conflicts

Thanks for reminding. Resolved

@AdamDev
Copy link
Contributor

AdamDev commented Aug 5, 2025

Hi @harryzcy, the PR Title is not valid, can you please fix it?

@harryzcy harryzcy changed the title Unpin boto3 and botocore versions chore(deps): unpin boto3 and botocore versions Aug 5, 2025
@harryzcy
Copy link
Contributor Author

harryzcy commented Aug 5, 2025

Hi @harryzcy, the PR Title is not valid, can you please fix it?

I've updated the title. Thanks

@pazbechor pazbechor changed the title chore(deps): unpin boto3 and botocore versions chore(general): unpin boto3 and botocore versions Aug 10, 2025
@pazbechor pazbechor changed the title chore(general): unpin boto3 and botocore versions fix(general): unpin boto3 and botocore versions Aug 10, 2025
@pazbechor
Copy link
Contributor

I've updated the branch & approved workflows run.
Also fix the PR title so we can merge it.

@pazbechor pazbechor requested a review from gruebel August 10, 2025 07:47
@pazbechor pazbechor requested review from pazbechor and removed request for gruebel August 10, 2025 08:25
@pazbechor
Copy link
Contributor

merging :)

@pazbechor pazbechor merged commit 2d02d89 into bridgecrewio:main Aug 10, 2025
47 of 50 checks passed
Saarett pushed a commit that referenced this pull request Aug 10, 2025
@harryzcy @pazbechor @actions-user
fix(general): unpin boto3 and botocore versions (#6071)
b0a5f6c 
* Unpin boto3 and botocore versions

* Rerun lock

* Minor update to conflict resolution

---------

Co-authored-by: pazbec <paz8097@gmail.com>
@pazbechor
Copy link
Contributor

@harryzcy Notice, this update caused to our pipline to break. Therefore I've reverted it & pinned the boto3 module again. FYI @AdamDev

@harryzcy harryzcy deleted the unpin-boto3 branch August 12, 2025 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AdamDev AdamDev AdamDev approved these changes

@pazbechor pazbechor pazbechor approved these changes

+1 more reviewer

@gruebel gruebel gruebel left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

remove pinning boto3 (and botocore) to an exact version

8 participants

@harryzcy @Saarett @SayantanKhanra10 @AdamDev @sgattusovha @achiar99 @pazbechor @gruebel