mik-laj opened a new issue #12120: URL: https://github.com/apache/airflow/issues/12120
Dear and Wonderful Citizens,

I started to look at what libraries we have defined in the `constraints-*.txt` file and I am a bit surprised because we have these constraints defined on very old libraries.

https://github.com/apache/airflow/blob/053afe7/constraints-3.8.txt

Sometimes we have defined libraries that are over 3 years old, which can cause security problems. Old versions of the library may have vulnerabilities that have probably been fixed in newer versions.

I am most concerned about dependency conflicts. Old libraries are only compatible with old libraries, which can cause problems if the user wants to use a new version of the same library.

At the moment (5 November 2020), this is the status of our outdated packages and their ages:

| package_name | current_version | latest_version | diff_part | age |
|------------------------------------|-------------------|------------------|-------------|------------------|
| clickclick | 1.2.2 | 20.10.2 | 1-major | 3 years |
| Markdown | 2.6.11 | 3.3.3 | 1-major | 2 years |
| dnspython | 1.16.0 | 2.0.0 | 1-major | 1 year, 7 months |
| mysqlclient | 1.3.14 | 2.0.1 | 1-major | 1 year, 6 months |
| vine | 1.3.0 | 5.0.0 | 1-major | 1 year, 5 months |
| isort | 4.3.21 | 5.6.4 | 1-major | 1 year, 3 months |
| google-cloud-language | 1.3.0 | 2.0.0 | 1-major | 1 year, 2 months |
| oauthlib | 2.1.0 | 3.1.0 | 1-major | 1 year, 2 months |
| watchtower | 0.7.3 | 1.0.0 | 1-major | 1 year, 2 months |
| docker | 3.7.3 | 4.3.1 | 1-major | 1 year, 2 months |
| azure-mgmt-containerinstance | 1.5.0 | 2.0.0 | 1-major | 1 year, 1 month |
| azure-storage-blob | 2.1.0 | 12.5.0 | 1-major | 1 year, 1 month |
| traitlets | 4.3.3 | 5.0.5 | 1-major | 1 year, 12 days |
| google-cloud-translate | 1.7.0 | 3.0.1 | 1-major | 10 months |
| google-cloud-speech | 1.3.2 | 2.0.0 | 1-major | 7 months |
| kubernetes | 11.0.0 | 12.0.0 | 1-major | 7 months |
| google-cloud-vision | 1.0.0 | 2.0.0 | 1-major | 7 months |
| Flask-Babel | 1.0.0 | 2.0.0 | 1-major | 6 months |
| freezegun | 0.3.15 | 1.0.0 | 1-major | 6 months |
| google-cloud-tasks | 1.5.0 | 2.0.0 | 1-major | 6 months |
| google-cloud-texttospeech | 1.0.1 | 2.2.0 | 1-major | 5 months |
| azure-kusto-data | 0.0.45 | 1.0.3 | 1-major | 5 months |
| google-cloud-kms | 1.4.0 | 2.2.0 | 1-major | 5 months |
| multidict | 4.7.6 | 5.0.0 | 1-major | 4 months |
| google-crc32c | 0.1.0 | 1.0.0 | 1-major | 4 months |
| google-cloud-datacatalog | 0.7.0 | 2.0.0 | 1-major | 4 months |
| google-cloud-automl | 1.0.1 | 2.1.0 | 1-major | 4 months |
| google-cloud-monitoring | 1.0.0 | 2.0.0 | 1-major | 4 months |
| google-cloud-redis | 1.0.0 | 2.0.0 | 1-major | 4 months |
| google-cloud-secret-manager | 1.0.0 | 2.0.0 | 1-major | 3 months |
| apispec | 3.3.1 | 4.0.0 | 1-major | 3 months |
| google-cloud-bigquery | 1.26.1 | 2.3.1 | 1-major | 3 months |
| celery | 4.4.7 | 5.0.2 | 1-major | 3 months |
| azure-cosmos | 3.2.0 | 4.2.0 | 1-major | 3 months |
| fastavro | 0.24.0 | 1.1.0 | 1-major | 3 months |
| google-cloud-container | 1.0.1 | 2.1.0 | 1-major | 2 months |
| google-cloud-bigquery-datatransfer | 1.1.0 | 2.1.0 | 1-major | 2 months |
| importlib-metadata | 1.7.0 | 2.0.0 | 1-major | 2 months |
| pyarrow | 1.0.0 | 2.0.0 | 1-major | 2 months |
| sphinxcontrib-spelling | 5.2.1 | 7.1.0 | 1-major | 2 months |
| google-cloud-dlp | 1.0.0 | 2.0.0 | 1-major | 2 months |
| kombu | 4.6.11 | 5.0.2 | 1-major | 2 months |
| google-cloud-pubsub | 1.7.0 | 2.1.0 | 1-major | 2 months |
| humanize | 2.6.0 | 3.1.0 | 1-major | 2 months |
| google-resumable-media | 0.7.1 | 1.1.0 | 1-major | a month |
| google-ads | 6.0.0 | 7.0.0 | 1-major | a month |
| azure-mgmt-resource | 10.2.0 | 15.0.0 | 1-major | a month |
| google-cloud-dataproc | 1.1.1 | 2.0.2 | 1-major | a month |
| vertica-python | 0.11.0 | 1.0.0 | 1-major | a month |
| amqp | 2.6.1 | 5.0.1 | 1-major | a month |
| pytest-xdist | 1.34.0 | 2.1.0 | 1-major | 28 days |
| portalocker | 1.7.1 | 2.0.0 | 1-major | 16 days |
| gunicorn | 19.10.0 | 20.0.4 | 1-major | 3 days |

I generated this table with the script: https://gist.github.com/mik-laj/880b07bfbdbd5c65b4b2260f6c0fee72

CC: @potiuk

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: [email protected]
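A minimal offline sketch of the kind of pin audit the issue describes, added here as an example; it is not the script from the linked gist and not Airflow project code. It assumes that age means the gap between the pinned release and the latest release. All release dates are constructed, and `example-lib`, `up-to-date` and `internal-tool` are hypothetical packages.

```python
from datetime import date

# Constructed sample in constraints-file format (not the real constraints-3.8.txt).
CONSTRAINTS = """\
Markdown==2.6.11
dnspython==1.16.0
example-lib==1.4.0    # hypothetical package
up-to-date==20.2.0    # hypothetical package
internal-tool==0.3.0  # hypothetical, absent from the index below
"""

# Constructed index metadata: name -> {version: release date}. Dates are illustrative.
RELEASES = {
    "markdown": {"2.6.11": date(2018, 1, 5), "3.3.3": date(2020, 10, 25)},
    "dnspython": {"1.16.0": date(2018, 12, 1), "2.0.0": date(2020, 7, 17)},
    "example-lib": {"1.4.0": date(2020, 6, 1), "1.5.2": date(2020, 9, 1)},
    "up-to-date": {"20.2.0": date(2020, 9, 5)},
}
PARTS = ("major", "minor", "patch")

def parse_pins(text):
    """Yield (normalized_name, version) for each 'name==version' line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            yield name.strip().lower().replace("_", "-"), version.strip()

def version_key(version):
    """Numeric sort key; non-numeric components are ignored in this sketch."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def diff_part(current, latest):
    """Name the first version component that differs, or None if equal."""
    for part, a, b in zip(PARTS, version_key(current), version_key(latest)):
        if a != b:
            return part
    return None

def audit(constraints, releases):
    """Return (name, pinned, latest, part, age_days) rows, oldest pin first."""
    findings = []
    for name, pinned in parse_pins(constraints):
        known = releases.get(name)
        if not known or pinned not in known:
            # A pin that cannot be checked is reported, not silently skipped.
            findings.append((name, pinned, None, "unknown", None))
            continue
        latest = max(known, key=version_key)
        part = diff_part(pinned, latest)
        if part is not None:
            age = (known[latest] - known[pinned]).days
            findings.append((name, pinned, latest, part, age))
    return sorted(findings, key=lambda f: -(f[4] or 0))
```

Running `audit(CONSTRAINTS, RELEASES)` lists the pins that lag behind, with pins missing from the index flagged as `unknown` so they get a manual look.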
