)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"810fef2e7a6a4a4bc0a6b2b0d7f6ba4d8ad186a9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"0b2cc11b_6e6c8e2a","updated":"2023-06-26 07:57:18.000000000","message":"despite introducing the new http_request_timeout option, this is truly just part of the fix, so I\u0027m ok leaving things as they are, release note included","commit_id":"78c1343a540060527ff56cee92a9072146034ecb"}],"ironic_python_agent/config.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"a005726e747d15014783133ea8afbbdb5db443fa","unresolved":false,"context_lines":[{"line_number":331,"context_line":"    cfg.BoolOpt(\u0027md5_enabled\u0027,"},{"line_number":332,"context_line":"                default\u003dFalse,"},{"line_number":333,"context_line":"                help\u003d\u0027If the MD5 algorithm is enabled for file checksums.\u0027),"},{"line_number":334,"context_line":"    cfg.IntOpt(\u0027http_request_timeout\u0027,"},{"line_number":335,"context_line":"               default\u003d30,"},{"line_number":336,"context_line":"               min\u003d1,"},{"line_number":337,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"7369f9f9_e6ade0f1","line":334,"updated":"2023-05-03 08:37:22.000000000","message":"Could you add a kernel parameter for this? I don\u0027t think this option has security implications.","commit_id":"45ff41faf9c3af06a8bfb735fe539c00f0c0aa91"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6e97950fa4a9eedcefc1bdfe5f40a3edecd8c12a","unresolved":false,"context_lines":[{"line_number":331,"context_line":"    cfg.BoolOpt(\u0027md5_enabled\u0027,"},{"line_number":332,"context_line":"                default\u003dFalse,"},{"line_number":333,"context_line":"                help\u003d\u0027If the MD5 algorithm is enabled for file checksums.\u0027),"},{"line_number":334,"context_line":"    cfg.IntOpt(\u0027http_request_timeout\u0027,"},{"line_number":335,"context_line":"               default\u003d30,"},{"line_number":336,"context_line":"               min\u003d1,"},{"line_number":337,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"4b3ef862_6b8bb333","line":334,"in_reply_to":"7369f9f9_e6ade0f1","updated":"2023-05-08 18:44:33.000000000","message":"That seems a bit silly to me unless we\u0027re deploying nodes on Mars, but... *shrugs*","commit_id":"45ff41faf9c3af06a8bfb735fe539c00f0c0aa91"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"c3ebd30f96faa40a3a75926fadd70f546e0fd80d","unresolved":false,"context_lines":[{"line_number":333,"context_line":"                help\u003d\u0027If the MD5 algorithm is enabled for file checksums. \u0027"},{"line_number":334,"context_line":"                     \u0027Will be changed to False in the future.\u0027),"},{"line_number":335,"context_line":"    cfg.IntOpt(\u0027http_request_timeout\u0027,"},{"line_number":336,"context_line":"               default\u003dAPARAMS.get(\u0027http-request-timeout\u0027, 30),"},{"line_number":337,"context_line":"               min\u003d1,"},{"line_number":338,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"},{"line_number":339,"context_line":"                    \u0027to enter a state where a request can be transmitted.\u0027),"}],"source_content_type":"text/x-python","patch_set":5,"id":"7aca2b97_1813578c","line":336,"updated":"2023-05-15 16:45:18.000000000","message":"Needs \"ipa-\" prefix for consistency","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"15c940743e417949e892ddbb9e898ccb9b1c2f1f","unresolved":false,"context_lines":[{"line_number":333,"context_line":"                help\u003d\u0027If the MD5 algorithm is enabled for file checksums. \u0027"},{"line_number":334,"context_line":"                     \u0027Will be changed to False in the future.\u0027),"},{"line_number":335,"context_line":"    cfg.IntOpt(\u0027http_request_timeout\u0027,"},{"line_number":336,"context_line":"               default\u003dAPARAMS.get(\u0027http-request-timeout\u0027, 30),"},{"line_number":337,"context_line":"               min\u003d1,"},{"line_number":338,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"},{"line_number":339,"context_line":"                    \u0027to enter a state where a request can be transmitted.\u0027),"}],"source_content_type":"text/x-python","patch_set":5,"id":"a11ed533_f99cb960","line":336,"in_reply_to":"7aca2b97_1813578c","updated":"2023-05-18 16:05:13.000000000","message":"Done.","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"c3ebd30f96faa40a3a75926fadd70f546e0fd80d","unresolved":false,"context_lines":[{"line_number":334,"context_line":"                     \u0027Will be changed to False in the future.\u0027),"},{"line_number":335,"context_line":"    cfg.IntOpt(\u0027http_request_timeout\u0027,"},{"line_number":336,"context_line":"               default\u003dAPARAMS.get(\u0027http-request-timeout\u0027, 30),"},{"line_number":337,"context_line":"               min\u003d1,"},{"line_number":338,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"},{"line_number":339,"context_line":"                    \u0027to enter a state where a request can be transmitted.\u0027),"},{"line_number":340,"context_line":"]"}],"source_content_type":"text/x-python","patch_set":5,"id":"2e1b90f6_cd160273","line":337,"updated":"2023-05-15 16:45:18.000000000","message":"Maybe we should default this to image_download_connection_timeout (see above)?","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"15c940743e417949e892ddbb9e898ccb9b1c2f1f","unresolved":false,"context_lines":[{"line_number":334,"context_line":"                     \u0027Will be changed to False in the future.\u0027),"},{"line_number":335,"context_line":"    cfg.IntOpt(\u0027http_request_timeout\u0027,"},{"line_number":336,"context_line":"               default\u003dAPARAMS.get(\u0027http-request-timeout\u0027, 30),"},{"line_number":337,"context_line":"               min\u003d1,"},{"line_number":338,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"},{"line_number":339,"context_line":"                    \u0027to enter a state where a request can be transmitted.\u0027),"},{"line_number":340,"context_line":"]"}],"source_content_type":"text/x-python","patch_set":5,"id":"aa56348e_755631d9","line":337,"in_reply_to":"2e1b90f6_cd160273","updated":"2023-05-18 16:05:13.000000000","message":"That is kind of expansive, since we already default out to a kernel command line override.","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"c3ebd30f96faa40a3a75926fadd70f546e0fd80d","unresolved":false,"context_lines":[{"line_number":336,"context_line":"               default\u003dAPARAMS.get(\u0027http-request-timeout\u0027, 30),"},{"line_number":337,"context_line":"               min\u003d1,"},{"line_number":338,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"},{"line_number":339,"context_line":"                    \u0027to enter a state where a request can be transmitted.\u0027),"},{"line_number":340,"context_line":"]"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"CONF.register_cli_opts(cli_opts)"}],"source_content_type":"text/x-python","patch_set":5,"id":"7c6b0cdf_eb8da7a6","line":339,"updated":"2023-05-15 16:45:18.000000000","message":"Maybe mention that it applies to API requests to distinguish from image_download_connection_timeout","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"15c940743e417949e892ddbb9e898ccb9b1c2f1f","unresolved":false,"context_lines":[{"line_number":336,"context_line":"               default\u003dAPARAMS.get(\u0027http-request-timeout\u0027, 30),"},{"line_number":337,"context_line":"               min\u003d1,"},{"line_number":338,"context_line":"               help\u003d\u0027Time in seconds to wait for an HTTP request TCP socket \u0027"},{"line_number":339,"context_line":"                    \u0027to enter a state where a request can be transmitted.\u0027),"},{"line_number":340,"context_line":"]"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"CONF.register_cli_opts(cli_opts)"}],"source_content_type":"text/x-python","patch_set":5,"id":"1c18153c_989ed095","line":339,"in_reply_to":"7c6b0cdf_eb8da7a6","updated":"2023-05-18 16:05:13.000000000","message":"Done.","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"}],"ironic_python_agent/hardware_managers/nvidia/nvidia_fw_update.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"af5cc595b19914402c2d9c8894e2f03f111d91de","unresolved":false,"context_lines":[{"line_number":416,"context_line":"            LOG.info(\u0027Downloading file: %s to %s\u0027, self.url,"},{"line_number":417,"context_line":"                     self.dest_file_path)"},{"line_number":418,"context_line":"            # NOTE(TheJulia: nosec b310 rule below is covered by _process_url"},{"line_number":419,"context_line":"            url_data \u003d request.urlopen(self.url, timeout\u003d30)  # nosec"},{"line_number":420,"context_line":"        except urlError.URLError as url_error:"},{"line_number":421,"context_line":"            LOG.error(\u0027Failed to open URL data: %s\u0027, url_error)"},{"line_number":422,"context_line":"            raise url_error"}],"source_content_type":"text/x-python","patch_set":1,"id":"d264ebc3_b504cb80","line":419,"updated":"2023-04-12 10:45:33.000000000","message":"Let\u0027s make this and the other instances configurable. It won\u0027t take much for someone with an unusual network setup to come complain...","commit_id":"32a36a752c032f1bd9bc0b11ca194f51c2cef281"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"af5cc595b19914402c2d9c8894e2f03f111d91de","unresolved":false,"context_lines":[{"line_number":442,"context_line":"        url_scheme \u003d parsed_url.scheme"},{"line_number":443,"context_line":"        if url_scheme \u003d\u003d \u0027file\u0027:"},{"line_number":444,"context_line":"            self._download_file_based_fw()"},{"line_number":445,"context_line":"        elif url_scheme \u003d\u003d \u0027http\u0027 or url_scheme \u003d\u003d \u0027https\u0027:"},{"line_number":446,"context_line":"            self._download_http_based_fw()"},{"line_number":447,"context_line":"        else:"},{"line_number":448,"context_line":"            err \u003d \u0027Firmware URL scheme %s is not supported.\u0027 \\"}],"source_content_type":"text/x-python","patch_set":1,"id":"e0f44d56_6a514c8a","line":445,"updated":"2023-04-12 10:45:33.000000000","message":"Could you fix this separately? It\u0027s an important enough fix to be split from the bandit one and backported.\n\nOn top of that, the error message below should be fixed and we should make sure that the download process respects the TLS configuration.","commit_id":"32a36a752c032f1bd9bc0b11ca194f51c2cef281"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"c3ebd30f96faa40a3a75926fadd70f546e0fd80d","unresolved":false,"context_lines":[{"line_number":422,"context_line":"            # NOTE(TheJulia: nosec b310 rule below is covered by _process_url"},{"line_number":423,"context_line":"            url_data \u003d request.urlopen("},{"line_number":424,"context_line":"                self.url,"},{"line_number":425,"context_line":"                timeout\u003dCONF.http_request_timeout)  # nosec"},{"line_number":426,"context_line":"        except urlError.URLError as url_error:"},{"line_number":427,"context_line":"            LOG.error(\u0027Failed to open URL data: %s\u0027, url_error)"},{"line_number":428,"context_line":"            raise url_error"}],"source_content_type":"text/x-python","patch_set":5,"id":"f3f316e9_a4868a8d","line":425,"updated":"2023-05-15 16:45:18.000000000","message":"nit: I wonder if image_download_connection_timeout fits better here logically","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"15c940743e417949e892ddbb9e898ccb9b1c2f1f","unresolved":false,"context_lines":[{"line_number":422,"context_line":"            # NOTE(TheJulia: nosec b310 rule below is covered by _process_url"},{"line_number":423,"context_line":"            url_data \u003d request.urlopen("},{"line_number":424,"context_line":"                self.url,"},{"line_number":425,"context_line":"                timeout\u003dCONF.http_request_timeout)  # nosec"},{"line_number":426,"context_line":"        except urlError.URLError as url_error:"},{"line_number":427,"context_line":"            LOG.error(\u0027Failed to open URL data: %s\u0027, url_error)"},{"line_number":428,"context_line":"            raise url_error"}],"source_content_type":"text/x-python","patch_set":5,"id":"01490713_4fcf9bcf","line":425,"in_reply_to":"f3f316e9_a4868a8d","updated":"2023-05-18 16:05:13.000000000","message":"Done.","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"}],"ironic_python_agent/inspector.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"c3ebd30f96faa40a3a75926fadd70f546e0fd80d","unresolved":false,"context_lines":[{"line_number":142,"context_line":"        return requests.post("},{"line_number":143,"context_line":"            CONF.inspection_callback_url, data\u003ddata,"},{"line_number":144,"context_line":"            verify\u003dverify, cert\u003dcert,"},{"line_number":145,"context_line":"            timeout\u003dCONF.http_request_timeout)"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"    resp \u003d _post_to_inspector()"},{"line_number":148,"context_line":"    if resp.status_code \u003e\u003d 400:"}],"source_content_type":"text/x-python","patch_set":5,"id":"0259e95d_2497ef08","line":145,"updated":"2023-05-15 16:45:18.000000000","message":"Bandit cannot spot it, but we need the same change to ironic_api_client","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"15c940743e417949e892ddbb9e898ccb9b1c2f1f","unresolved":false,"context_lines":[{"line_number":142,"context_line":"        return requests.post("},{"line_number":143,"context_line":"            CONF.inspection_callback_url, data\u003ddata,"},{"line_number":144,"context_line":"            verify\u003dverify, cert\u003dcert,"},{"line_number":145,"context_line":"            timeout\u003dCONF.http_request_timeout)"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"    resp \u003d _post_to_inspector()"},{"line_number":148,"context_line":"    if resp.status_code \u003e\u003d 400:"}],"source_content_type":"text/x-python","patch_set":5,"id":"5773c561_4b505245","line":145,"in_reply_to":"0259e95d_2497ef08","updated":"2023-05-18 16:05:13.000000000","message":"ack, done.","commit_id":"930bd112b7b4a1f4a4374119284bb40d1e158579"}],"releasenotes/notes/bandit-fixes-a971142075b29ca9.yaml":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"4616812654b6a67aa0b1eec924f50b7db9d67d5e","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixes timeout declarations for Bandit 1.7.5 rule additions."},{"line_number":5,"context_line":"  - |"},{"line_number":6,"context_line":"    Adds a ``http_request_timeout`` setting to allow for operators"},{"line_number":7,"context_line":"    to set the amount of time to wait for a new request socket to"},{"line_number":8,"context_line":"    wait."}],"source_content_type":"text/x-yaml","patch_set":6,"id":"7dcfc90c_b3996d45","line":6,"updated":"2023-05-18 16:09:32.000000000","message":"Should this, as a new config option, be in a section more prominent than fixes?","commit_id":"e15eb87b5bd721a8b0f5ba3362383cf189364309"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"b6665de7a345eb2eba5134049c454a27478eef65","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixes timeout declarations for Bandit 1.7.5 rule additions."},{"line_number":5,"context_line":"  - |"},{"line_number":6,"context_line":"    Adds a ``http_request_timeout`` setting to allow for operators"},{"line_number":7,"context_line":"    to set the amount of time to wait for a new request socket to"},{"line_number":8,"context_line":"    wait."}],"source_content_type":"text/x-yaml","patch_set":6,"id":"22d2663e_dd0724fa","line":6,"in_reply_to":"7dcfc90c_b3996d45","updated":"2023-05-24 03:42:41.000000000","message":"Does it really matter beyond initial connection as opposed to forever hanging agent?\n\nI guess I can change it, but fixing bandit has been painful.","commit_id":"e15eb87b5bd721a8b0f5ba3362383cf189364309"},{"author":{"_account_id":24828,"name":"Kaifeng Wang","email":"kaifeng.w@gmail.com","username":"wangkf"},"change_message_id":"85a0506ce6615db2714a273fa44225b33acb5539","unresolved":true,"context_lines":[{"line_number":8,"context_line":"    for a new request socket to wait. This helps prevent prevent"},{"line_number":9,"context_line":"    a possible hanged connection should the initial packets be"},{"line_number":10,"context_line":"    lost in tranist."},{"line_number":11,"context_line":"other:"},{"line_number":12,"context_line":"  - |"},{"line_number":13,"context_line":"    Adds a new configuration option ``http_request_timeout``"},{"line_number":14,"context_line":"    which is also accessible utilizing the kernel command line"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"8ccdc80a_1f221d56","line":11,"updated":"2023-06-19 16:07:44.000000000","message":"feels like a feature to me :)","commit_id":"78c1343a540060527ff56cee92a9072146034ecb"}],"zuul.d/project.yaml":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"af5cc595b19914402c2d9c8894e2f03f111d91de","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    check:"},{"line_number":10,"context_line":"      jobs:"},{"line_number":11,"context_line":"        - openstack-tox-functional"},{"line_number":12,"context_line":"        - ipa-tox-bandit"},{"line_number":13,"context_line":"        - ipa-tox-examples"},{"line_number":14,"context_line":"        # NOTE(iurygregory) Only run this two jobs since we are testing"},{"line_number":15,"context_line":"        # wholedisk + partition on tempest"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"def55759_93717f76","line":12,"updated":"2023-04-12 10:45:33.000000000","message":"Voting jobs must be added to the gate","commit_id":"32a36a752c032f1bd9bc0b11ca194f51c2cef281"}]}
