Update pip-tools requirement from ~=6.5 to >=6.5,<8.0 #2813
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Updates the requirements on [pip-tools](https://github.com/jazzband/pip-tools) to permit the latest version. - [Release notes](https://github.com/jazzband/pip-tools/releases) - [Changelog](https://github.com/jazzband/pip-tools/blob/main/CHANGELOG.md) - [Commits](jazzband/pip-tools@6.5.0...7.0.0) --- updated-dependencies: - dependency-name: pip-tools dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
the
dependencies
There was a problem hiding this comment.
This fixes #2807
Also I'm so happy that dependabot works on pyproject.toml just fine 🤩
|
Are the e2e tests on python 3.7 failures legit? It's the same error on both and I don't think I've seen it before.. |
|
Ughhhh yeah, looks like the newest pip-tools version requires a newer pip as well... https://github.com/jazzband/pip-tools/#versions-and-compatibility We'll need to adjust the CI, adjust our deps, or both. |
|
@astrojuanlu e2e tests are also failing on #2808 with the same error.. so might be something else? |
|
@merelcht There were pip and pip-tools releases very close in time so I'm not sure what's going on, but yes - CI on |
Signed-off-by: Nok <nok.lam.chan@quantumblack.com>
|
Right, thanks. This means that pip-tools 7.0 added support for pip 23.2, and previous versions break with the message we're observing. More evidence that we need to update the upper version cap of |
| @@ -28,7 +28,7 @@ dependencies = [ | |||
| "more_itertools~=9.0", | |||
| "omegaconf~=2.3", | |||
| "parse~=1.19.0", | |||
| "pip-tools>=6.5,<8.0", | |||
| "pip-tools>=7.0,<8.0", # pip==23.2 is a breaking change that requires pip-tools>=7.0.0 | |||
There was a problem hiding this comment.
I don't think we should touch the lower bound. After all, there might be environments with old pip versions, right?
pip-tools already takes care of pinning pip appropriately
|
Another part of what's happening is that pip-tools 7, which fixed the bug for pip 23.2, is not available for Python 3.7. They dropped support 2 weeks ago jazzband/pip-tools#1879 |
|
A newer version of pip-tools exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Updates the requirements on pip-tools to permit the latest version.
Release notes
Sourced from pip-tools's releases.
Changelog
Sourced from pip-tools's changelog.
... (truncated)
Commits
60ac79bRelease 7.0.0 (#1911)33667e3Default to --resolver=backtracking (#1897)776c3faAdd support forpip==23.2where removedDEV_PKGS(#1906)4b9cc32Merge pull request #1901 from webknjaz/maintenance/gha-reusable-qad8e302b🎨🔧👷 Wire in linters into the main workflow1db8dddMerge pull request #1899 from webknjaz/maintenance/gha-reusable-ci-on-cron9c87b0e👷 Deduplicate cron GHA through workflow reuse52698a4Merge pull request #1900 from webknjaz/maintenance/gha-check-v1.2.2105487c⇪👷 Bump re-actors/alls-green to v1.2.26ae1efcPromote a discord chat on pypa/pip-tools (#1841)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)