Bump opencv-python from 3.4.2.17 to 4.2.0.32

[dependabot]

Bumps opencv-python from 3.4.2.17 to 4.2.0.32.

Release notes

Sourced from opencv-python's releases.

4.2.0.32

• opencv-python: https://pypi.org/project/opencv-python/
• opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/
• opencv-python-headless: https://pypi.org/project/opencv-python-headless/
• opencv-contrib-python-headless: https://pypi.org/project/opencv-contrib-python-headless/

OpenCV version 4.2.0.

Changes:

• macOS environment updated from xcode8.3 to xcode 9.4
• macOS uses now Qt 5 instead of Qt 4
• Nasm version updated to Docker containers
• multibuild updated

Fixes:

• don't use deprecated brew tap-pin, instead refer to the full package name when installing #267
• replace get_config_var() with get_config_vars() in setup.py #274
• add workaround for DLL errors in Windows Server #264

3.4.9.31

• opencv-python: https://pypi.org/project/opencv-python/
• opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/
• opencv-python-headless: https://pypi.org/project/opencv-python-headless/
• opencv-contrib-python-headless: https://pypi.org/project/opencv-contrib-python-headless/

OpenCV version 3.4.9.

Changes:

• macOS environment updated from xcode8.3 to xcode 9.4
• macOS uses now Qt 5 instead of Qt 4
• Nasm version updated to Docker containers
• multibuild updated

Fixes:

• don't use deprecated brew tap-pin, instead refer to the full package name when installing #267
• replace get_config_var() with get_config_vars() in setup.py #274
• add workaround for DLL errors in Windows Server #264

4.1.2.30

• opencv-python: https://pypi.org/project/opencv-python/
• opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/
• opencv-python-headless: https://pypi.org/project/opencv-python-headless/
• opencv-contrib-python-headless: https://pypi.org/project/opencv-contrib-python-headless/

OpenCV version 4.1.2.

Changes:

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[JonathanPorta]

PR Review

Summary

This PR bumps the prebuilt Lambda bundle's opencv-python from 3.4.2.17 to 4.2.0.32. The proposed wheel is available for the repo's Python 3.6 Lambda target, but this is a stale native dependency major-version bump with no CI or Docker/import smoke validation, so it is not safe to merge as-is.

Findings

• Severity: Important
• Location: prebuilt-requirements.txt / Docker-built Lambda dependency bundle
• Problem: The PR changes OpenCV major versions in the artifact that gets installed into /var/task, but does not validate the Docker build or even a cv2 import under the Lambda Python 3.6 image. The target version is also old; PyPI now reports opencv-python 4.13.0.92 as the latest available release.
• Why it matters: OpenCV wheels bring native shared-library and ABI risk, and this repo's whole purpose is to ship a prebuilt runtime bundle. A dependency-only PR that does not prove the bundle still imports and runs can produce a deployable package that fails at Lambda cold start.
• Suggested fix: Close/recreate this stale dependabot PR as part of a current runtime/dependency refresh, or add validation on this branch that runs the Docker build and performs at least python3 -c 'import cv2, numpy; print(cv2.__version__)' inside the same Lambda build/runtime context before merge.

Test / Verification Notes

I inspected the PR diff, prebuilt-requirements.txt, Dockerfile, Makefile, setup.py, and the runtime unpack.py path. I ran a targeted wheel-resolution check for the declared runtime target: pip download --only-binary=:all: --platform manylinux2010_x86_64 --python-version 36 --implementation cp --abi cp36m 'opencv-python==4.2.0.32' 'numpy==1.15.1'; both wheels resolved successfully. I also checked PyPI metadata with pip index versions opencv-python, which reports 4.13.0.92 as latest. I did not run the full Docker build because the PR provides no CI and the issue is missing runtime validation for a stale native dependency bump.

Overall Recommendation

Needs changes before merge.