Skip to content

Fix dependabot issues#809

Open
vgvoleg wants to merge 8 commits intomainfrom
fix_dependabot
Open

Fix dependabot issues#809
vgvoleg wants to merge 8 commits intomainfrom
fix_dependabot

Conversation

@vgvoleg
Copy link
Copy Markdown
Collaborator

@vgvoleg vgvoleg commented Apr 21, 2026

Pull request type

Please check the type of change your PR introduces:

  • Bugfix
  • Feature
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • Documentation content changes
  • Other (please describe):

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

vgvoleg added 8 commits April 21, 2026 21:40
PyJWT >=2.5 changed the error message from
"Could not deserialize key data." to
"Could not parse the provided public key.".
…yptography

- ES512 with HMAC-encoded key now surfaces cryptography's "Unable to load
  PEM file" error (pyjwt no longer wraps it for ECDSA).
- ES512 with RSA key now fails with pyjwt's "Wrong key provided for ECDSA
  algorithms" (pyjwt added explicit key-type validation).
The three "invalid key" cases used to assert specific error messages from
pyjwt/cryptography, which differ between library versions and break with
every dependency bump. The actual contract under test is:

  1. an exception is raised,
  2. it is wrapped by our Oauth2TokenExchangeCredentials error handling,
  3. no HTTP request is made (already enforced by http_request_is_expected).

Match our own stable "Oauth2TokenExchangeCredentials:" prefix instead of
the upstream wording.
The retriable error backoff sleep can take up to 1s, which together
with the 1s wait_for timeout makes the test flaky on slower CI runners.
Bump to 5s for both wait_for calls.
`DockerProject.stop()` was running `docker compose kill` via subprocess,
which forks the python process. On Python 3.9 this races with the
driver's active gRPC threads and crashes the child with SIGABRT
(`fork_posix.cc: Other threads are currently calling into gRPC` followed
by `epoll_wait error: Bad file descriptor`), failing every integration
job on 3.9 in CI.

Killing through the Docker SDK (unix socket, no fork) eliminates the
race. `start()` keeps the `docker compose up -d --force-recreate` path
because reviving an in-memory PDisk YDB after SIGKILL needs the full
compose config — by then the driver's connections are already broken
and its threads are sleeping in retry backoff, so forking is safe.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant