pin beartype version in connectors ci packages #36755
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Ignored Deployment
|
|
This stack of pull requests is managed by Graphite. Learn more about stacking. Join @erohmensing and the rest of your teammates on |
erohmensing
force-pushed
the
ella/beartype
branch
from
f4db7fc to
8bb0144
Compare
| @@ -394,6 +395,7 @@ develop = false | |||
| [package.dependencies] | |||
| click = "^8.1.3" | |||
| common_utils = {path = "../common_utils", develop = true} | |||
| cryptography = ">=42.0" | |||
There was a problem hiding this comment.
This could be done separately - this one needed to be locked after #36614
| @@ -116,13 +117,13 @@ files = [ | |||
|
|
|||
| [[package]] | |||
| name = "beartype" | |||
| version = "0.17.2" | |||
| version = "0.17.1" | |||
There was a problem hiding this comment.
This is specifically the one that was failing - it's a lockfile only change because it comes from the base image dependency.
| @@ -1712,24 +1712,15 @@ files = [ | |||
| {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938"}, | |||
| {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d"}, | |||
| {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515"}, | |||
| {file = "PyYAML-6.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290"}, | |||
There was a problem hiding this comment.
was PyYAML a transient dependency from beartype?
There was a problem hiding this comment.
Doesn't look like it - looks like it appears if I poetry lock --no-update on master. Similar to the cryptography change.
We should probably have a CI check that yells if poetry lock --no-update modifies files or something, because it definitely seems sus. I think in these deleted ones it's likely the case that poetry doesn't care (compare to if you change a version in the toml file and don't lock it, you get a pyproject.toml changed significantly since poetry.lock was last generated. Run poetry lock [--no-update] to fix the lock file. when you try to install)
There was a problem hiding this comment.
actually since that added cryptography back in im surprised it doesn't yell 🤔
What
It seems that the version of dagger we use (0.9.6) declares
beartype >= 0.11.0, but doesn't play well with0.17.2or higher. Beartype changelog entry here. It leads to issues like this.This causes tests to fail after beartype was auto-upgraded in this pr. In the future, if we want to remove dependencies without updating dependencies in the lockfile, we can do so via
poetry lock --no-update. We should upgrade dependencies regularly, but ideally separately from any other material changes to the dependencies.This PR pins the beartype version wherever we install
dagger-io, since dagger does not pin it themselves. However this is a january version of dagger, which makes me believe they are unlikely to do so, and probably have forward fixed - the long term solution here is likely to upgrade dagger-io, but that probably introduces larger issues and I want to unblock connector devs.To get this fix
Pull in master to your PR/ rebase your local branch onto master