Skip to content

CTM-323 Upgrade libraries, pin to Python 3.12#83

Merged
aednichols merged 6 commits intodevfrom
aen_ctm_323
Feb 18, 2026
Merged

CTM-323 Upgrade libraries, pin to Python 3.12#83
aednichols merged 6 commits intodevfrom
aen_ctm_323

Conversation

@aednichols
Copy link
Contributor

@aednichols aednichols commented Feb 17, 2026
edited
Loading

  • Upgrade urllib3, requests to latest versions to address vulns
  • Upgrade CI to Python 3.12 as Poetry dropped 3.9 support [0]
  • Pin Poetry version to current
  • Floating Python version in Dockerfile was giving us 3.14 in production [1], address by pinning to 3.12
    • CI and production should obviously use the same version
  • Remove temp workaround with Debian testing, no longer necessary [2]

Why 3.12? It's the latest version for which we have a pinned base image.

Similar to Job Manager DataBiosphere/job-manager#803

[0] https://github.com/python-poetry/poetry/releases/tag/2.3.0
[1]

# Current production
> docker run -it --entrypoint /bin/bash gcr.io/broad-dsp-gcr-public/calhoun:dev -c "python --version"
Python 3.14.0

[2]

# This branch
> docker run -it --entrypoint /bin/bash gcr.io/broad-dsp-gcr-public/calhoun@sha256:c1a4e930f98db00eeda947b3013dfc55792069828c0d766e3ed64965dbcae74f -c "R --version"
R version 4.5.0 (2025-04-11) -- "How About a Twenty-Six"
Copyright (C) 2025 The R Foundation for Statistical Computing
Platform: x86_64-pc-linux-gnu

@aednichols aednichols mentioned this pull request Feb 18, 2026
Merged
2 tasks
@aednichols aednichols marked this pull request as ready for review February 18, 2026 17:26
@aednichols aednichols requested a review from a team as a code owner February 18, 2026 17:26
@aednichols aednichols marked this pull request as draft February 18, 2026 17:50
@aednichols aednichols changed the title CTM-323 Upgrade urllib3, requests CTM-323 Upgrade libraries, pin to Python 3.12 Feb 18, 2026
@aednichols aednichols marked this pull request as ready for review February 18, 2026 18:54
lucymcnatt
lucymcnatt approved these changes Feb 18, 2026
View reviewed changes
Copy link
Contributor

@lucymcnatt lucymcnatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the cleanup!

@aednichols aednichols merged commit f972881 into dev Feb 18, 2026
4 checks passed
@aednichols aednichols deleted the aen_ctm_323 branch February 18, 2026 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LizBaldo LizBaldo LizBaldo approved these changes

@lucymcnatt lucymcnatt lucymcnatt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aednichols @LizBaldo @lucymcnatt