Skip to content

Pin bandersnatch to <6.6. #814

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 20, 2025
Merged

Pin bandersnatch to <6.6. #814

merged 1 commit into from
Mar 20, 2025
+3 −2

Conversation

ggainey
Copy link
Contributor

@ggainey ggainey commented Mar 5, 2025

See pypa/bandersnatch#1892 for the discussion.

@ggainey
Copy link
Contributor Author

ggainey commented Mar 20, 2025

The install-failure here is due to our more-strict upperbounds check requiring bandersnatch 6.5, on an image built with python-3.9 - which is not supported by bandersnatch>=6.4.0. We will need to pin to ~=6.3.0 until we stop supporting py3.9, and/or figure out how to make the UB check take the python-version into account.

mdellweg
mdellweg reviewed Mar 20, 2025
View reviewed changes
pyproject.toml Outdated
@@ -29,7 +29,7 @@ requires-python = ">=3.9"
dependencies = [
"pulpcore>=3.49.0,<3.85",
"pkginfo>=1.10.0,<1.13.0",
"bandersnatch>=6.3,<7.0", # Anything >6.3 requires Python 3.10+
"bandersnatch~=6.3.0", # Anything >6.3 requires Python 3.10+
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be

Suggested change
"bandersnatch~=6.3.0", # Anything >6.3 requires Python 3.10+
"bandersnatch>=6.3.0,<6.4", # Anything >6.3 requires Python 3.10+

then?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't these identical?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, and no.
They mean the same to python, but dependabot treats them differently.

@ggainey
Pin bandersnatch to ~=6.3.0.
2e064ca 
See pypa/bandersnatch#1892 for the
discussion.  In addition, 6.3.0 is the last bandersnatch that
supports py3.9.

fixes pulp#809.
@ggainey ggainey enabled auto-merge March 20, 2025 16:23
@ggainey ggainey requested a review from mdellweg March 20, 2025 16:28
@ggainey ggainey merged commit 1f44c79 into pulp:main Mar 20, 2025
12 checks passed
@ianballou ianballou mentioned this pull request Apr 9, 2025
Merged
@patchback Patchback
Copy link

patchback bot commented Apr 10, 2025
edited
Loading

Backport to 3.13: 💚 backport PR created

✅ Backport PR branch: patchback/backports/3.13/1f44c79a830e8b6b8aab3e1a8fedf915f54efd99/pr-814

Backported as #831

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

patchback bot pushed a commit that referenced this pull request Apr 10, 2025
@ggainey @patchback
Merge pull request #814 from ggainey/pin_bandersnatch
957a1a9 
Pin bandersnatch to <6.6.

(cherry picked from commit 1f44c79)
@patchback patchback bot mentioned this pull request Apr 10, 2025
Merged
ggainey added a commit that referenced this pull request Apr 10, 2025
@ggainey
Merge pull request #831 from pulp/patchback/backports/3.13/1f44c79a83…
562f518 
…0e8b6b8aab3e1a8fedf915f54efd99/pr-814

[PR #814/1f44c79a backport][3.13] Pin bandersnatch to <6.6.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdellweg mdellweg mdellweg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ggainey @mdellweg