Conversation

@wlach (Contributor) commented Jan 2, 2026

What type of PR is this?

  • Refactor
  • Feature
  • Bug Fix
  • New Query Runner (Data Source)
  • New Alert Destination
  • Other

Description

Runs redash on a supported version of Python (3.11) and upgrades various dependencies to fix security vulnerabilities. Continuation of the work in #7510 from @wtfiwtz (removing changes that are not strictly related to the upgrade).

How is this tested?

  • Unit tests (pytest, jest)
  • E2E Tests (Cypress)
  • Manually
  • N/A

Ran redash locally, verified it still works.

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

@wlach force-pushed the upgrade-python-311-fix-vulns branch from 4d12d5f to 2dd003a on January 2, 2026 22:28
@wlach force-pushed the upgrade-python-311-fix-vulns branch from 2dd003a to b76cb28 on January 2, 2026 22:32
requests-aws-sign = "0.1.5"
sasl = ">=0.1.3"
# TODO: https://github.com/cloudera/python-sasl/pull/31 - outstanding PR to be merged
sasl = { git = "https://github.com/gughy8/python-sasl.git#master" }
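Review bot: the `sasl = { git = "https://github.com/gughy8/python-sasl.git#master" }` entry resolves to the mutable `master` branch of a personal fork, so the sasl source that gets installed can change (or be force-pushed over) with no change to this file; pin it to an immutable commit (with a Poetry-style pyproject that would be a `rev = "<commit sha>"` on the dependency) and keep the TODO so it is switched back to a released cloudera/python-sasl once https://github.com/cloudera/python-sasl/pull/31 merges. Since both visible lines define the `sasl` key, also make sure the `sasl = ">=0.1.3"` line is actually dropped rather than left beside the git entry as a duplicate key.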
@wlach (Contributor, Author) commented on this change:
Per discussion this dependency is pretty outdated. See also discussion: #7510 (comment)

@wlach (Contributor, Author) added:
Also, recompiling this seems to take a really long time, increasing the build times significantly (from 6 to 11 minutes); not sure if anything can really be done about it.

@eradman (Collaborator) commented Jan 3, 2026

Thanks for picking this up @wlach! We will want to update packages that lead to this warning, which is printed when using manage.py

/usr/local/lib/python3.11/site-packages/databend_sqlalchemy/entry_points.py:4: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
  import pkg_resources
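The warning above names one file, but setuptools only reports the first importer it hits, so the practical question for this PR is which installed dependencies still import pkg_resources at all. The scanner below is an added example (my code, not redash's, eradman's or any project's) that parses every .py file under a site-packages directory with ast and groups hits by top-level package. The directory it scans is whatever you point it at; demo() uses a constructed temporary tree whose package and file names are made up for illustration (the databend_sqlalchemy/entry_points.py one mirrors the path in the warning).

```python
"""Find installed packages that still import the deprecated pkg_resources API.

Added example, not part of the redash PR or project code. Point
find_pkg_resources_users() at a site-packages directory and it returns
{top_level_package: [files importing pkg_resources]}, which is the list of
dependencies to bump (or to keep setuptools<81 pinned for until they are).
"""
import ast
import tempfile
from pathlib import Path


def imports_pkg_resources(source: str) -> bool:
    """True if the module source contains `import pkg_resources[...]` or
    `from pkg_resources[...] import ...` anywhere (including nested scopes).
    Files that do not parse (e.g. Python 2 syntax) are reported as False."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(alias.name.split(".")[0] == "pkg_resources" for alias in node.names):
                return True
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] == "pkg_resources":
                return True
    return False


def find_pkg_resources_users(site_packages: Path) -> dict[str, list[str]]:
    """Walk site_packages and map top-level package directory -> offending files."""
    hits: dict[str, list[str]] = {}
    for py in sorted(site_packages.rglob("*.py")):
        rel = py.relative_to(site_packages)
        if imports_pkg_resources(py.read_text(encoding="utf-8", errors="replace")):
            hits.setdefault(rel.parts[0], []).append(rel.as_posix())
    return hits


def demo() -> dict[str, list[str]]:
    """Build a constructed site-packages tree (sample data, not real packages)
    and scan it. Two of the three packages import pkg_resources."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # constructed: mirrors the file named in the setuptools warning
        (root / "databend_sqlalchemy").mkdir()
        (root / "databend_sqlalchemy" / "entry_points.py").write_text(
            "import pkg_resources\n\n"
            "def load():\n"
            "    return list(pkg_resources.iter_entry_points('sqlalchemy.dialects'))\n"
        )
        # constructed: already migrated to importlib.metadata, should not be flagged
        (root / "clean_pkg").mkdir()
        (root / "clean_pkg" / "__init__.py").write_text(
            "from importlib.metadata import entry_points\n"
        )
        # constructed: uses the from-import form
        (root / "other_pkg").mkdir()
        (root / "other_pkg" / "util.py").write_text(
            "from pkg_resources import resource_filename\n"
        )
        return find_pkg_resources_users(root)


if __name__ == "__main__":
    for package, files in demo().items():
        print(f"{package}: {', '.join(files)}")
```

Run it against a real environment with `find_pkg_resources_users(Path(site.getsitepackages()[0]))`. It only sees static imports; a package that loads pkg_resources through `importlib.import_module("pkg_resources")` or through a compiled extension will not be caught, so treat an empty result as necessary, not sufficient, before dropping the setuptools pin.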

@wlach (Contributor, Author) commented Jan 4, 2026

Thanks for picking this up @wlach! We will want to update packages that lead to this warning, which is printed when using manage.py

...

Right. Downgrading setuptools may also be an option?

@yoshiokatsuneo (Contributor) commented:
@wlach

Thank you for upgrading Python!
Just a question, but is there any reason not to upgrade to the latest Python, like 3.14?

@wlach (Contributor, Author) commented Jan 5, 2026

@wlach

Thank you for upgrading Python! Just a question, but is there any reason not to upgrade to the latest Python, like 3.14?

Mostly because I am ~certain that upgrading Python to an even later version will likely break more things (besides sasl) -- there's been lots of changes in behaviour and standard library support over the last 3 years or so. This discussion is relevant: #7601

@yoshiokatsuneo (Contributor) commented:

@wlach
Thank you for upgrading Python! Just a question, but is there any reason not to upgrade to the latest Python, like 3.14?

Mostly because I am ~certain that upgrading Python to an even later version will likely break more things (besides sasl) -- there's been lots of changes in behaviour and standard library support over the last 3 years or so. This discussion is relevant: #7601

@wlach

I see. Thanks!
It looks nice to upgrade step by step to make each step simpler!
