diff --git a/python/Dockerfile b/python/Dockerfile index 8b85627d22d..b663161d1ad 100644 --- a/python/Dockerfile +++ b/python/Dockerfile @@ -4,7 +4,6 @@ ARG PY_3_11=3.11.4 ARG PY_3_10=3.10.12 ARG PY_3_9=3.9.17 ARG PY_3_8=3.8.17 -ARG PY_3_7=3.7.17 ARG PYENV_VERSION=v2.3.19 FROM ghcr.io/dependabot/dependabot-updater-core as python-core @@ -12,7 +11,6 @@ ARG PY_3_11 ARG PY_3_10 ARG PY_3_9 ARG PY_3_8 -ARG PY_3_7 ARG PYENV_VERSION USER root @@ -74,13 +72,6 @@ RUN pyenv install $PY_3_8 \ && cd /usr/local/.pyenv \ && tar czf 3.8.tar.gz versions/$PY_3_8 -FROM python-core as python-3.7 -RUN pyenv install $PY_3_7 \ - && bash /opt/python/helpers/build $PY_3_7 \ - && cd /usr/local/.pyenv \ - && tar czf 3.7.tar.gz versions/$PY_3_7 - - FROM ghcr.io/dependabot/dependabot-updater-core ARG PY_3_11 ARG PYENV_VERSION @@ -132,7 +123,6 @@ RUN pyenv install $PY_3_11 \ COPY --from=python-3.10 /usr/local/.pyenv/3.10.tar.gz /usr/local/.pyenv/3.10.tar.gz COPY --from=python-3.9 /usr/local/.pyenv/3.9.tar.gz /usr/local/.pyenv/3.9.tar.gz COPY --from=python-3.8 /usr/local/.pyenv/3.8.tar.gz /usr/local/.pyenv/3.8.tar.gz -COPY --from=python-3.7 /usr/local/.pyenv/3.7.tar.gz /usr/local/.pyenv/3.7.tar.gz COPY --chown=dependabot:dependabot python $DEPENDABOT_HOME/python COPY --chown=dependabot:dependabot common $DEPENDABOT_HOME/common diff --git a/python/lib/dependabot/python/language_version_manager.rb b/python/lib/dependabot/python/language_version_manager.rb index bb94edb5b76..74a651b5d1d 100644 --- a/python/lib/dependabot/python/language_version_manager.rb +++ b/python/lib/dependabot/python/language_version_manager.rb @@ -12,7 +12,6 @@ class LanguageVersionManager 3.10.12 3.9.17 3.8.17 - 3.7.17 ).freeze def initialize(python_requirement_parser:) diff --git a/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb b/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb index 0f23d9ce936..58f03576dcc 100644 
--- a/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb @@ -22,7 +22,6 @@ class UpdateChecker # This class does version resolution for pip-compile. Its approach is: # - Unlock the dependency we're checking in the requirements.in file # - Run `pip-compile` and see what the result is - # rubocop:disable Metrics/ClassLength class PipCompileVersionResolver GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none --quiet (?[^\s]+).* / GIT_REFERENCE_NOT_FOUND_REGEX = /Did not find branch or tag '(?[^\n"]+)'/m @@ -235,10 +234,6 @@ def run_command(command, env: python_env, fingerprint:) ) end - def new_resolver_supported? - language_version_manager.python_version >= Python::Version.new("3.7") - end - def pip_compile_options_fingerprint(options) options.sub( /--output-file=\S+/, "--output-file=" @@ -252,8 +247,12 @@ def pip_compile_options_fingerprint(options) def pip_compile_options(filename) options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"] options += pip_compile_index_options + # TODO: Stop explicitly specifying `allow-unsafe` once it becomes the default: + # https://github.com/jazzband/pip-tools/issues/989#issuecomment-1661254701 options += ["--allow-unsafe"] - options += ["--resolver backtracking"] if new_resolver_supported? + # TODO: This is the default as of https://github.com/jazzband/pip-tools/releases/tag/7.0.0 + # so stop explicitly specifying it as soon as we upgrade + options += ["--resolver backtracking"] if (requirements_file = compiled_file_for_filename(filename)) options << "--output-file=#{requirements_file.name}" @@ -501,7 +500,6 @@ def setup_cfg_files dependency_files.select { |f| f.name.end_with?("setup.cfg") } end end - # rubocop:enable Metrics/ClassLength end end end 
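Review bot: In `pip_compile_options`, the two new TODO comments leave out what a reader needs to act on them: the first never says what `--allow-unsafe` does, and the second says "as soon as we upgrade" without naming what is upgraded. In pip-tools that flag only permits pinning packages the tool otherwise leaves out of its output (pip, setuptools and similar), so a line such as `# --allow-unsafe only lets pip-compile pin pip/setuptools etc.; it does not relax any security check` would stop the name from misleading the next reader. The second could read `# TODO: drop once the pip-tools version we ship is >= 7.0.0, where backtracking is the default`. Separately, `"--resolver backtracking"` is one array element containing a space, which works only if the options are later joined into a single command string (the `options.sub(` call in `pip_compile_options_fingerprint` suggests they are); `options += ["--resolver=backtracking"]` would hold up either way. The method body continues past the end of this hunk.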
diff --git a/python/spec/dependabot/python/update_checker/pip_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/pip_version_resolver_spec.rb index 522cfadf2e4..d4ce621be38 100644 --- a/python/spec/dependabot/python/update_checker/pip_version_resolver_spec.rb +++ b/python/spec/dependabot/python/update_checker/pip_version_resolver_spec.rb @@ -44,7 +44,7 @@ content: python_version_content ) end - let(:python_version_content) { "3.7.0\n" } + let(:python_version_content) { "3.11.0\n" } let(:pypi_response) { fixture("pypi", "pypi_simple_response_django.html") } let(:pypi_url) { "https://pypi.org/simple/django/" } let(:dependency) do @@ -81,16 +81,16 @@ it { is_expected.to eq(Gem::Version.new("3.2.4")) } context "that is set to the oldest version of python supported by Dependabot" do - let(:python_version_content) { "3.7.0\n" } + let(:python_version_content) { "3.8.0\n" } it { is_expected.to eq(Gem::Version.new("3.2.4")) } end context "that is set to a python version no longer supported by Dependabot" do - let(:python_version_content) { "3.6.0\n" } + let(:python_version_content) { "3.7.0\n" } it "raises a helpful error" do expect { subject }.to raise_error(Dependabot::DependencyFileNotResolvable) do |err| expect(err.message).to start_with( - "Dependabot detected the following Python requirement for your project: '3.6.0'." + "Dependabot detected the following Python requirement for your project: '3.7.0'." ) end end 
@@ -126,17 +126,17 @@ it { is_expected.to eq(Gem::Version.new("2.1.1")) } context "that is set to the oldest version of python supported by Dependabot" do - let(:python_version_content) { "3.7.0\n" } + let(:python_version_content) { "3.8.0\n" } it { is_expected.to eq(Gem::Version.new("2.1.1")) } end context "that is set to a python version no longer supported by Dependabot" do - let(:python_version_content) { "3.6.0\n" } + let(:python_version_content) { "3.7.0\n" } it "raises a helpful error" do expect { subject }.to raise_error(Dependabot::DependencyFileNotResolvable) do |err| expect(err.message).to start_with( - "Dependabot detected the following Python requirement for your project: '3.6.0'." + "Dependabot detected the following Python requirement for your project: '3.7.0'." ) end end diff --git a/python/spec/dependabot/python/update_checker_spec.rb b/python/spec/dependabot/python/update_checker_spec.rb index c6470f6af30..3d281cd5f23 100644 --- a/python/spec/dependabot/python/update_checker_spec.rb +++ b/python/spec/dependabot/python/update_checker_spec.rb @@ -200,7 +200,7 @@ content: python_version_content ) end - let(:python_version_content) { "3.7.0\n" } + let(:python_version_content) { "3.11.0\n" } let(:pypi_response) do fixture("pypi", "pypi_simple_response_django.html") end 
@@ -219,16 +219,16 @@ it { is_expected.to eq(Gem::Version.new("3.2.4")) } context "that is set to the oldest version of python supported by Dependabot" do - let(:python_version_content) { "3.7.0\n" } + let(:python_version_content) { "3.8.0\n" } it { is_expected.to eq(Gem::Version.new("3.2.4")) } end context "that is set to a python version no longer supported by Dependabot" do - let(:python_version_content) { "3.6.0\n" } + let(:python_version_content) { "3.7.0\n" } it "raises a helpful error" do expect { subject }.to raise_error(Dependabot::DependencyFileNotResolvable) do |err| expect(err.message).to start_with( - "Dependabot detected the following Python requirement for your project: '3.6.0'." + "Dependabot detected the following Python requirement for your project: '3.7.0'." ) end end