Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove vestigial future package from requirements #338

Merged
merged 3 commits into from
Jan 4, 2023
Merged

Remove vestigial future package from requirements #338

merged 3 commits into from
Jan 4, 2023

Conversation

0xDEC0DE
Copy link
Contributor

@0xDEC0DE 0xDEC0DE commented Jan 4, 2023

This package appears to be a holdover from dropping Python 2.x support, and is no longer needed.

This resolves https://nvd.nist.gov/vuln/detail/CVE-2022-40899

Also update tox.ini to work wirth modern vintages of tox.

This package appears to be a holdover from dropping Python 2.x
support, and is no longer needed.

This resolves https://nvd.nist.gov/vuln/detail/CVE-2022-40899

Also update tox.ini to work wirth modern vintages of tox.
Copy link
Owner

@mtreinish mtreinish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for finding this and fixing it.

@0xDEC0DE
Copy link
Contributor Author

0xDEC0DE commented Jan 4, 2023

Does this need to be feature-creeped to also drop Python 3.6 support? It looks like there are no more available gates to test it.

Python 3.6 is now EoL and testing it is not tractable anymore. This
commit removes support (marked via package metadata trove classifiers)
and CI configuration for running with 3.6 from the project.
@mtreinish
Copy link
Owner

Hmm, yeah I pushed up a quick commit to drop 3.6 support (and add 3.11 in its place) to hopefully unblock this branch.

@0xDEC0DE
Copy link
Contributor Author

0xDEC0DE commented Jan 4, 2023

I have a bad feeling that your Sphinx configs have also bit-rotted here, but I guess we'll see?

@mtreinish
Copy link
Owner

mtreinish commented Jan 4, 2023

Sigh, it looks like everything has bit rotted since the last commit back in September. Only the pep8 job passed...

Edit: Let me try pinning tox to unblock this PR and then I can debug the CI cruft in isolation. A lot of the failures look related to how stestr is getting installed and the change in default behavior for tox 4.x.x has broken me on other projects too.

The most recent tox release, 4.x.y, is a major rewrite of the internals
of tox and several things behave quite differently. This new release
is causing CI jobs to fail as something in incompatible with our tox
configuration (likely because it's using wheel builds instead of
sdists). This commit pins the tox version we're using in CI to unblock
things until we can update the tox configuration to be compatible with
the new version tox.
@codecov-commenter
Copy link

Codecov Report

Merging #338 (f0ab74b) into main (01fb398) will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##             main     #338   +/-   ##
=======================================
  Coverage   61.21%   61.21%           
=======================================
  Files          30       30           
  Lines        2617     2617           
  Branches      470      433   -37     
=======================================
  Hits         1602     1602           
  Misses        891      891           
  Partials      124      124           
Flag Coverage Δ
unittests 61.21% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
stestr/repository/file.py 80.45% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@0xDEC0DE
Copy link
Contributor Author

0xDEC0DE commented Jan 4, 2023

giphy

@mtreinish mtreinish merged commit 64c8aa5 into mtreinish:main Jan 4, 2023
@0xDEC0DE 0xDEC0DE deleted the remove_future branch January 4, 2023 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants