Upgrade setuptools to fix CVE
#21314
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
krishnan-chandra
force-pushed
the
upgrade-setuptools
branch
from
bb3faca to
5371e46
Compare
krishnan-chandra
added
category:internal
|
This is a bit gnarly, because the tests in many other places in the Pants repo depend upon the |
krishnan-chandra
force-pushed
the
upgrade-setuptools
branch
from
7b97421 to
35364ea
Compare
docs/notes/2.23.x.md
Outdated
| `buildifier` was added to the list of supported formatters that can be used to format the BUILD files. | ||
| It may be helpful if your organization is migrating from Bazel and wants to keep the style of the BUILD files | ||
| consistent or if for any other reason you may want to adopt the formatting style that is enforced by `buildifier`. | ||
| `buildifier` was added to the list of supported formatters that can be used to format the BUILD files. |
There was a problem hiding this comment.
Sorry about these changes - looks like my editor took out some trailing whitespace on lines. If the whitespace is needed I'm happy to revert out the whitespace changes specifically.
krishnan-chandra
force-pushed
the
upgrade-setuptools
branch
from
c808f5a to
3f53220
Compare
cburroughs
added a commit
to cburroughs/pants
that referenced
this pull request
Sep 7, 2024
Delicious delicious dog food. First spotted in pantsbuild#21314
|
@krishnan-chandra thanks for running with this so far! I hope to tease out some of the Python 3.7 and other complications you ran into, which I hope leaves a more straightforward setuptools upgrade and not a tangled rebase mess. |
cburroughs
added a commit
that referenced
this pull request
Sep 9, 2024
Delicious delicious dog food. First spotted in #21314
cburroughs
added a commit
to cburroughs/pants
that referenced
this pull request
Sep 10, 2024
As a consequence, most tests no longer work with 3.7 since -- for example -- the lockfile with pytest does not support 3.7. This downgrades 3.7 to "probably works but not well tested", which is the same state as 3.6. Since 3.7 has been EoL for over a year I think this is reasonable. This opens up the way for Python 3.13 support in lockfiles among other benefits. As another consequence, lockfiles are regenerated which means we have some new versions coming along for the ride. The pretty lockfile diff does not seem to work with the generation script though --> pantsbuild#21388 Uses of Pants can still use 3.7 by generating their own lockfiles. Deprecation plan annouced at https://www.pantsbuild.org/blog/2024/08/24/venerable-pythons Based off work started in pantsbuild#21314 ref pantsbuild#21184, pantsbuild#21103, pantsbuild#20852
|
We've just branched for 2.23, so merging this pull request now will come out in 2.24, please move the release notes updates to |
cburroughs
added a commit
that referenced
this pull request
Sep 12, 2024
As a consequence, most tests no longer work with 3.7 since -- for example -- the lockfile with pytest does not support 3.7. This downgrades 3.7 to "probably works but not well tested", which is the same state as 3.6. Since 3.7 has been EoL for over a year I think this is reasonable. This opens up the way for Python 3.13 support in lockfiles among other benefits. As another consequence, lockfiles are regenerated which means we have some new versions coming along for the ride. The pretty lockfile diff does not seem to work with the generation script though --> #21388 Uses of Pants can still use 3.7 by generating their own lockfiles. Deprecation plan announced at https://www.pantsbuild.org/blog/2024/08/24/venerable-pythons Based off work started in #21314 ref #21184, #21103, #20852
|
With #21389 landed I think this should be clear of scope spiraling road blocks. Let me know if you run into any other trouble. |
|
Yes! I think that should be the last roadblock, I will get this cleaned up and rebased later today. |
krishnan-chandra
force-pushed
the
upgrade-setuptools
branch
from
d72b989 to
9ccb714
Compare
cburroughs
approved these changes
Sep 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #21184. This has the side effect of removing default tool lockfile support for Python 3.7 by default; however, support can be restored via creating a custom tool lockfile.