fix(requirements): pin lxml and xmlsec on sumac to fix pylint CI#38320
fix(requirements): pin lxml and xmlsec on sumac to fix pylint CI#38320kingoftech-v01 wants to merge 1 commit intoopenedx:open-release/sumac.masterfrom
Conversation
Backport the lxml==5.3.0 and xmlsec==1.3.14 pins to open-release/sumac.master. Without these constraints, pip on the ubuntu-24.04 runner resolves to newer wheels whose bundled libxml2 does not match the system libxml2, raising a version-mismatch RuntimeError at import time and crashing pylint before any lint rule runs. The fix mirrors master commit ef93d6b ("build: Pin lxml and xmlsec.") but uses lxml==5.3.0 to match Sumac's already-locked resolution in requirements/edx/{base,development,testing}.txt, avoiding an unrelated re-resolve. A regression test in openedx/tests/test_bug_36305_regression.py guards the pin and verifies xmlsec still imports cleanly. Closes openedx#36305 Refs openedx#36695
openedx-webhooks
added
the
open-source-contribution
|
Thanks for the pull request, @kingoftech-v01! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Submit a signed contributor agreement (CLA)
If you've signed an agreement in the past, you may need to re-sign. Once you've signed the CLA, please allow 1 business day for it to be processed. 🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
1 similar comment
|
Thanks for the pull request, @kingoftech-v01! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Submit a signed contributor agreement (CLA)
If you've signed an agreement in the past, you may need to re-sign. Once you've signed the CLA, please allow 1 business day for it to be processed. 🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
|
CLA signed via DocuSign. Re-triggering the check. Other checklist items:
@openedx/wg-maintenance-openedx-platform — marking ready for engineering review when you have capacity. Thanks! |
3 participants
Withdrawn by author.
I submitted 36 pull requests in a short window and mass-tagged the maintenance working group. That was the wrong way to approach this repository. I apologise to @kdmccormick and to the
@openedx/wg-maintenance-openedx-platformmembers for the notification noise.For the security-related patches, I should have used the private disclosure channel at
security@openedx.orgrather than public pull requests. The original body of this PR included exploit paths and affected line numbers; that content has been removed here to avoid indexing. Any legitimate security finding will be re-reported privately through the proper channel.For the bug-fix patches, I plan to re-engage the community through the correct process: discussing on https://discuss.openedx.org first, then submitting one focused change per PR, and only tagging maintainers when a PR has passed CI and an individual reviewer asks to be involved.
No further action requested on this PR.