Bump wheel from 0.37.1 to 0.41.1 in /python/helpers #7748

Closed

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Aug 6, 2023

Bumps wheel from 0.37.1 to 0.41.1.

Changelog

Sourced from wheel's changelog.

Release Notes

0.41.1 (2023-08-05)

  • Fixed naming of the data_dir directory in the presence of local version segment given via egg_info.tag_build (PR by Anderson Bravalheri)
  • Fixed version specifiers in Requires-Dist being wrapped in parentheses

0.41.0 (2023-07-22)

  • Added full support of the build tag syntax to wheel tags (you can now set a build tag like 123mytag)
  • Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner)
  • Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

0.40.0 (2023-03-14)

  • Added a wheel tags command to modify tags on an existing wheel (PR by Henry Schreiner)
  • Updated vendored packaging to 23.0
  • wheel unpack now preserves the executable attribute of extracted files
  • Fixed spaces in platform names not being converted to underscores (PR by David Tucker)
  • Fixed RECORD files in generated wheels missing the regular file attribute
  • Fixed DeprecationWarning about the use of the deprecated pkg_resources API (PR by Thomas Grainger)
  • Wheel now uses flit-core as a build backend (PR by Henry Schreiner)

0.38.4 (2022-11-09)

  • Fixed PKG-INFO conversion in bdist_wheel mangling UTF-8 header values in METADATA (PR by Anderson Bravalheri)

0.38.3 (2022-11-08)

  • Fixed install failure when used with --no-binary, reported on Ubuntu 20.04, by removing setup_requires from setup.cfg

0.38.2 (2022-11-05)

  • Fixed regression introduced in v0.38.1 which broke parsing of wheel file names with multiple platform tags

0.38.1 (2022-11-04)

  • Removed install dependency on setuptools
  • The future-proof fix in 0.36.0 for converting PyPy's SOABI into an abi tag was faulty. Fixed so that future changes in the SOABI will not change the tag.

0.38.0 (2022-10-21)

... (truncated)

Commits
  • b626a4a Created a new release
  • 2a0a487 Don't wrap version specifiers in parens in Requires-Dist (#552)
  • fbd385c Fixed tense of a changelog entry
  • e43f2fc Fix bdist_wheel.data_dir in the presence of local version segment given via...
  • dc945a5 [pre-commit.ci] pre-commit autoupdate (#549)
  • e3c46aa Switched to trusted publishing
  • 9484d92 [pre-commit.ci] pre-commit autoupdate (#547)
  • 95c2d83 Created a new release
  • e8fc452 Updated FreeBSD image on Cirrus CI
  • fb7d837 [pre-commit.ci] pre-commit autoupdate (#546)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner August 6, 2023 16:45
@dependabot dependabot bot added dependencies python Dependabot pull requests that update Python code labels Aug 6, 2023
Member

@jeffwidman jeffwidman left a comment

Doesn't support 3.7, so blocked on:

CI doesn't fail because this dep isn't used directly.

@dependabot dependabot bot force-pushed the dependabot/pip/python/helpers/wheel-0.41.1 branch from fbd9859 to db1f59f Compare August 7, 2023 16:29
Bumps [wheel](https://github.com/pypa/wheel) from 0.37.1 to 0.41.1.
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.37.1...0.41.1)

---
updated-dependencies:
- dependency-name: wheel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/python/helpers/wheel-0.41.1 branch from db1f59f to 9461cbb Compare August 7, 2023 18:27
@yeikel
Contributor

yeikel commented Aug 9, 2023

> CI doesn't fail because this dep isn't used directly.

Would it add value to add an explicit test for this? Even if it is not used directly, we should know when these updates can break compatibility

@deivid-rodriguez
Contributor

Reading through #5597 again, and seeing that pip-tools itself does not set any requirements on the version of wheel, I wonder if it would make sense to remove this pin?

If we remove it, pip should install whatever version is compatible with the running Python through the pip-tools dependency.

@jeffwidman
Member

jeffwidman commented Aug 10, 2023

Yeah, I'm also personally 👍 for completely dropping the pin.

I don't see the point of it for our use case other than for very occasional holdbacks if there's an unexpected bug introduced in a new release, and then unpinning as soon as upstream fixes that bug.

@jeffwidman jeffwidman mentioned this pull request Aug 10, 2023
@jeffwidman
Member

jeffwidman commented Aug 10, 2023

> Would it add value to add an explicit test for this? Even if it is not used directly, we should know when these updates can break compatibility

It's great in theory, but a good deal of work in practice because dependabot-core picks the latest version of python for everything if not explicitly specified... we don't run a matrix of all tests against all versions because the cost in time/$ is more than the problems it'd solve.

So we'd need to add an explicit test for the dep against the lowest version of supported python... and we'd end up needing that for all our deps, eg we theoretically should have one for cython etc.

I know we've got one for several of the python package managers, and if someone wanted to take the time to write them for these other deps that'd be awesome, but right now we've generally got bigger fish to fry in a cost-benefit analysis. For example, finishing aligning ourselves with upstream Python release cadence... if we do that, then we've essentially side-stepped the entire version compatibility issue because most of these critical python packages won't drop support for a python version until it's actually EOL'd... by which time we will also treat it as EOL'd.

Sorry, long-winded answer, but hopefully it provides more context. tl;dr is yes, that'd be awesome, but no, probably not worth the time for any of the maintainers to write that test right now.
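
An added example, not code from dependabot-core or from anyone in this thread: one way to do the check discussed above, flagging pinned dependencies whose `Requires-Python` metadata excludes the lowest Python version a project supports, without running a full test matrix. The package names and metadata values are constructed, and the matcher handles only a subset of PEP 440 specifiers (comparison operators plus `==X.*` / `!=X.*`), failing closed on anything else.

```python
import re

# Constructed sample data (hypothetical names and values): each pinned
# requirement mapped to the Requires-Python string from that release's METADATA.
PINS = {
    "examplepkg-a==2.0.0": ">=3.8",
    "examplepkg-b==1.4.2": ">=3.6, !=3.7.*",
    "examplepkg-c==0.9.0": ">=2.7, <4",
    "examplepkg-d==5.1.0": "",  # release declares no Requires-Python
}

_CLAUSE = re.compile(r"^(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)(\.\*)?$")


def _version(text):
    return tuple(int(part) for part in text.split("."))


def _clause_allows(clause, python):
    match = _CLAUSE.match(clause.strip())
    if match is None:
        # Fail closed on anything outside the supported subset (e.g. "~=").
        raise ValueError(f"unsupported specifier clause: {clause!r}")
    op, wanted, wildcard = match.group(1), _version(match.group(2)), match.group(3)
    if wildcard:
        if op not in ("==", "!="):
            raise ValueError(f"wildcard not valid with {op!r}")
        prefix_matches = python[: len(wanted)] == wanted
        return prefix_matches if op == "==" else not prefix_matches
    # Zero-pad so that 3.7 and 3.7.0 compare equal.
    width = max(len(python), len(wanted))
    a = python + (0,) * (width - len(python))
    b = wanted + (0,) * (width - len(wanted))
    return {">=": a >= b, "<=": a <= b, "==": a == b,
            "!=": a != b, ">": a > b, "<": a < b}[op]


def allows(requires_python, python_version):
    """True if every comma-separated clause admits python_version."""
    python = _version(python_version)
    clauses = [c for c in requires_python.split(",") if c.strip()]
    return all(_clause_allows(c, python) for c in clauses)


def incompatible_pins(pins, lowest_supported_python):
    """Pins whose metadata excludes the lowest Python the project supports."""
    return sorted(name for name, spec in pins.items()
                  if not allows(spec, lowest_supported_python))
```

Run against real pins, the `Requires-Python` strings would come from each release's published metadata rather than a hard-coded dictionary.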

jeffwidman added a commit that referenced this pull request Aug 10, 2023
We've gone back and forth on this repeatedly:
* #5597
* #7748 (comment)

As @yeikel pointed out, if we're going to keep pinning this, we really ought to have CI that checks it in some way (although that'd potentially be tricky as we want to not only test on latest python, but also oldest python).

As Deivid pointed out though, it's not really providing a lot of benefit for us to pin... simpler to just let `pip` pick whatever it needs and keep going.

If we observe breakage, we can start pinning again. Although probably (hopefully) that'd be very infrequent, and it'd be only a temporary thing until upstream fixes their bug and releases a new version then we can drop the pin. Or in that case I'd probably actually expect `pip-tools` to handle the work of temp-pinning as they're the ones who need it.
@dependabot @github
Contributor Author

dependabot bot commented on behalf of github Aug 10, 2023

Looks like wheel is no longer a dependency, so this is no longer needed.

@dependabot dependabot bot closed this Aug 10, 2023
@dependabot dependabot bot deleted the dependabot/pip/python/helpers/wheel-0.41.1 branch August 10, 2023 16:42