pip 25.3 incompatibility causes make upgrade to fail despite global constraints

[irtazaakram]

Description:

Summary

The weekly python package upgrade workflow fails across OpenEdX repos due to an upstream incompatibility between pip-tools (7.5.1) and pip (25.3), where InstallRequirement no longer exposes the use_pep517 attribute.
See upstream issue: jazzband/pip-tools#2252

Root Cause

Our make upgrade command installs pip-tools using:

pip install -q -r requirements/pip-tools.txt

This installation step does not use the global constraints file (requirements/constraints.txt → common_constraints.txt), so pip itself can be auto-upgraded to an incompatible version before pip-tools is compiled or constraints are applied.

As a result, the subsequent call to pip-compile fails with:

AttributeError: 'InstallRequirement' object has no attribute 'use_pep517'

Example failure:
https://github.com/openedx/DoneXBlock/actions/runs/19020342312/job/54334518671

Why Some Repositories (like opaque-keys) Didn’t Fail

The openedx/opaque-keys repository’s Makefile installs both pip-tools and pip requirements before running pip-compile, as shown below:

upgrade: ## update the requirements/*.txt files with the latest packages satisfying requirements/*.in
	pip install -qr requirements/pip-tools.txt
	pip install -qr requirements/pip.txt
	pip-compile --upgrade --allow-unsafe --rebuild -o requirements/pip.txt requirements/pip.in
	pip-compile --rebuild --upgrade -o requirements/pip-tools.txt requirements/pip-tools.in
	pip install -qr requirements/pip.txt

By reinstalling pip from requirements/pip.txt before running pip-compile, this workflow inadvertently avoids the issue — ensuring that pip-tools runs in a consistent environment.

Most other repositories do not include this intermediate pip install step, so they fail when pip upgrades to 25.3 prematurely.

Proposed Fix

We will align all repositories with the opaque-keys upgrade flow.
This involves updating the make upgrade target to reinstall pip before running pip-compile, ensuring consistent versions of both pip and pip-tools.

for all repos.

https://github.com/openedx/DoneXBlock
https://github.com/openedx/FeedbackXBlock
https://github.com/openedx/XBlock
https://github.com/openedx/edx-notes-api
https://github.com/openedx/event-bus-redis
https://github.com/openedx/openedx-learning
https://github.com/openedx/xapi-db-load
https://github.com/openedx/xblock-in-video-quiz
https://github.com/openedx/xblock-sdk
https://github.com/openedx/xblocks-contrib

References

• Upstream bug: pip-tools 7.5.1 is not compatible with pip 25.3 jazzband/pip-tools#2252
• Related Open edX issue: pip-tools>7.5.0 incompatibility with pip==25.3 causing the build failures in make upgrade #440
• Global constraints file: https://raw.githubusercontent.com/openedx/edx-lint/master/edx_lint/files/common_constraints.txt

[irtazaakram]

All related pull requests containing the required fixes for the mentioned repositories have been successfully merged — closing this issue.