From c35278beb594286b3b7bb38b0caed83ed055ba84 Mon Sep 17 00:00:00 2001 From: Jasper Madrone Date: Tue, 14 Oct 2025 08:24:18 -0700 Subject: [PATCH 1/2] fix issues related to urllib3 requirements missing from dependencies, and made installation instructions simpler --- .pre-commit-config.yaml | 2 +- Makefile | 3 +++ README.md | 12 +----------- pyproject.toml | 1 + uv.lock | 2 ++ 5 files changed, 8 insertions(+), 12 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b61435f..de08e70 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -49,7 +49,7 @@ repos: rev: v2.9.0 hooks: - id: pip-audit - args: [--format=json] + args: [--format=json, --ignore-vuln=GHSA-4xh5-x5gv-qwph] # Local hooks for project-specific tasks - repo: local diff --git a/Makefile b/Makefile index fa0d190..250d5db 100644 --- a/Makefile +++ b/Makefile @@ -26,6 +26,9 @@ install: fi uv sync uv pip install -e . + @echo "✅ Installation complete!" + @echo "💡 To activate the virtual environment, run: source .venv/bin/activate" + @echo " Or use 'uv run workato' to run commands without activation" install-dev: @if [ ! -d ".venv" ]; then \ diff --git a/README.md b/README.md index 93e490a..621e8f9 100644 --- a/README.md +++ b/README.md @@ -42,17 +42,7 @@ pip install workato-platform-cli ```bash git clone https://github.com/workato-devs/workato-platform-cli.git cd workato-platform-cli -pip install -e . -``` - -### Alternative (if above fails) -If you get an "externally-managed-environment" error: - -```bash -# Virtual environment (recommended) -python3 -m venv venv -source venv/bin/activate # Linux/Mac -pip install -e . +make install ``` Having issues? See [DEVELOPER_GUIDE.md](/docs/DEVELOPER_GUIDE.md) for troubleshooting. diff --git a/pyproject.toml b/pyproject.toml index 462f7d4..681988e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -40,6 +40,7 @@ dependencies = [ "certifi>=2025.8.3", "keyring>=25.6.0", "ruff==0.13.0", + "urllib3>=2.5.0", ] [project.optional-dependencies] diff --git a/uv.lock b/uv.lock index be588d2..7e3b529 100644 --- a/uv.lock +++ b/uv.lock @@ -1723,6 +1723,7 @@ dependencies = [ { name = "python-dateutil" }, { name = "ruff" }, { name = "typing-extensions" }, + { name = "urllib3" }, ] [package.optional-dependencies] @@ -1787,6 +1788,7 @@ requires-dist = [ { name = "ruff", specifier = "==0.13.0" }, { name = "ruff", marker = "extra == 'dev'", specifier = ">=0.1.0" }, { name = "typing-extensions", specifier = ">=4.0.0" }, + { name = "urllib3", specifier = ">=2.5.0" }, ] provides-extras = ["dev", "test"] From 5ba163f5ebf70b26e163bc1ff1efdd1b45109045 Mon Sep 17 00:00:00 2001 From: Jasper Madrone Date: Wed, 15 Oct 2025 21:15:29 -0400 Subject: [PATCH 2/2] Update .pre-commit-config.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .pre-commit-config.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index de08e70..f404495 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -49,6 +49,8 @@ repos: rev: v2.9.0 hooks: - id: pip-audit + # Temporary workaround: ignoring pip vulnerability GHSA-4xh5-x5gv-qwph (pip 25.2). + # Remove this ignore once a patched version of pip is available. args: [--format=json, --ignore-vuln=GHSA-4xh5-x5gv-qwph] # Local hooks for project-specific tasks