Frappe 13 update error on "snyk protect"

I’m using Frappe 13, and while deploying we found an error about snyk. Below are the logs from running “bench update”. Please kindly help.

This is not the recommended mode of installation for production. Instead, install the package from PyPI with: pip install frappe-bench

branch version-13 → FETCH_HEAD
WARN: shallow_clone is set in your bench config.
However without passing the --reset flag, your repositories will be unshallowed.
To avoid this, cancel this operation and run bench update --reset.

Consider the consequences of git reset --hard on your apps before you run that.
To avoid seeing this warning, set shallow_clone to false in your common_site_config.json

Backup Summary for mysite.local at 2023-07-26 08:24:11.859317
Config : ./mysite.local/private/backups/20230726_082305-mysite_local-site_config_backup.json 267.0B
Database: ./mysite.local/private/backups/20230726_082305-mysite_local-database.sql.gz 147.0MiB
Backup for Site mysite.local has been successfully completed
Will continue execution in 10 seconds…
Will continue execution in 9 seconds…
Will continue execution in 8 seconds…
Will continue execution in 7 seconds…
Will continue execution in 6 seconds…
Will continue execution in 5 seconds…
Will continue execution in 4 seconds…
Will continue execution in 3 seconds…
Will continue execution in 2 seconds…
Will continue execution in 1 seconds…

Backing up sites…
Updating apps source…
$ git pull upstream master
hint: Pulling without specifying how to reconcile divergent branches is
hint: discouraged. You can squelch this message by running one of the following
hint: commands sometime before your next pull:
hint:
hint: git config pull.rebase false # merge (the default strategy)
hint: git config pull.rebase true # rebase
hint: git config pull.ff only # fast-forward only
hint:
hint: You can replace “git config” with “git config --global” to set a default
hint: preference for all repositories. You can also pass --rebase, --no-rebase,
hint: or --ff-only on the command line to override the configured default per
hint: invocation.
From /workspace/erpnext
branch master → FETCH_HEAD
Already up to date.
$ find . -name "*.pyc" -delete
$ git pull upstream master
hint: Pulling without specifying how to reconcile divergent branches is
hint: discouraged. You can squelch this message by running one of the following
hint: commands sometime before your next pull:
hint:
hint: git config pull.rebase false # merge (the default strategy)
hint: git config pull.rebase true # rebase
hint: git config pull.ff only # fast-forward only
hint:
hint: You can replace “git config” with “git config --global” to set a default
hint: preference for all repositories. You can also pass --rebase, --no-rebase,
hint: or --ff-only on the command line to override the configured default per
hint: invocation.
From /workspace/frappe-attachments-s3
branch master → FETCH_HEAD
Already up to date.
$ find . -name "*.pyc" -delete
Setting up requirements…
$ /home/frappe/frappe-bench-13/env/bin/python -m pip install --quiet --upgrade pip
DEPRECATION: dropbox 11.7.0 has a non-standard dependency specifier stone>=2.*. pip 23.3 will enforce this behaviour change. A possible replacement is to upgrade to a newer version of dropbox or contact the author to suggest that they release a version with a conforming dependency specifiers. Discussion can be found at
Installing 3 applications…
Installing frappe
$ /home/frappe/frappe-bench-13/env/bin/python -m pip install --quiet --upgrade -e /home/frappe/frappe-bench-13/apps/frappe
DEPRECATION: dropbox 11.7.0 has a non-standard dependency specifier stone>=2.*. pip 23.3 will enforce this behaviour change. A possible replacement is to upgrade to a newer version of dropbox or contact the author to suggest that they release a version with a conforming dependency specifiers. Discussion can be found at httpx://github.com/pypa/pip/issues/12063
$ yarn install
yarn install v1.22.17
[1/4] Resolving packages…
success Already up-to-date.
$ yarn run snyk-protect
yarn run v1.22.17
$ snyk protect
Authentication failed. Please check the API token on https://snyk.io

error Command failed with exit code 2.
info Visit httpx://yarnpkg.com/en/docs/cli/run for documentation about this command.
error Command failed with exit code 2.
info Visit httpx://yarnpkg.com/en/docs/cli/install for documentation about this command.
ERROR:

Were you able to solve this?

Yeah, I temporarily fixed it by exporting the snyk token as a Linux ENV variable before running the build.

Thanks for the reply.

For me, the issue was somehow related to the command below, which I was running to update the frappe app in the bench:

bench update --apps frappe --patch --build --requirements

Running the command below solved it. When it ran, I saw the latest code being pulled into Frappe, which could partly be the reason it worked eventually.

bench update --apps frappe

Note: This should not be done on a bench which also has ERPNext, because the Frappe and ERPNext updates should be done together. In our scenario the bench didn’t have ERPNext.


I ran into this situation.
Here is the fix I applied:

/home/frappe/benches/**XXXX**/env/bin/python -m pip uninstall dropbox

/home/frappe/benches/**XXXX**/env/bin/python -m pip install dropbox

bench update --reset --no-backup

My guess: dropbox had unclean dependencies the last time I updated; now it’s solved. So uninstalling and reinstalling solved this problem.

Note: the installed version is dropbox 11.36.2, not 11.36.0; not the best, but OK, as the last version digit is bugfix only, with no API change.