Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unpin boto3 and botocore versions #6071

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Unpin boto3 and botocore versions #6071

wants to merge 9 commits into from

Conversation

harryzcy
Copy link

@harryzcy harryzcy commented Mar 5, 2024
edited by baz-reviewer bot
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Unpin boto3 and botocore as the bug from botocore is marked as resolved. That issue is related to urllib3 2.2.0 specifically.

Previous PRs that pinned the version: #6011, #6016

Fix: #6050

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Updates the version requirements for boto3 in both Pipfile and setup.py, changing from a pinned version "==1.35.49" to a more flexible range ">=1.35.49,<2.0.0". This modification allows for newer versions of boto3 while maintaining compatibility with the current major version. The change addresses a previously resolved bug in botocore related to urllib3 2.2.0, demonstrating proactive dependency management and system stability improvement.

TopicDetails
Dependency Update Updates boto3 version requirements in dependency management files to improve flexibility and address resolved issues.
Modified files (2)
  • setup.py
  • Pipfile
Latest Contributors(2)
UserCommitDate
omryMenchore-secrets-bump-det...November 21, 2024
tsmithv11chore-general-bump-det...November 19, 2024
Other Other files
Modified files (1)
  • Pipfile.lock
Latest Contributors(2)
UserCommitDate
omryMenchore-secrets-bump-det...November 21, 2024
tsmithv11chore-general-bump-det...November 19, 2024
Build System Maint. Maintains the integrity of the build system by ensuring consistency between Pipfile and setup.py.
Modified files (2)
  • setup.py
  • Pipfile
Latest Contributors(2)
UserCommitDate
omryMenchore-secrets-bump-det...November 21, 2024
tsmithv11chore-general-bump-det...November 19, 2024
This pull request is reviewed by Baz. Join @harryzcy and the rest of your team on (Baz).

@Saarett
Copy link
Contributor

Saarett commented Jul 1, 2024

Hi @harryzcy ,
That’s a good input, although I’m not sure it really affects anything as it is right now. If you think it is necessary to have this change, I’d appreciate it if you could resolve the conflicts, and we will rerun our tests.

Thanks!

@SayantanKhanra10
Copy link

@Saarett it does create an issue while locking dependencies if i want to use a much more newer version of boto3 in my project. I am planning to implement checkov with cdktf in my project and un-pining this will help us move forward.

@harryzcy can you please resolve the conflicts?

@harryzcy
Copy link
Author

@Saarett @SayantanKhanra10 merge conflicts fixed

@harryzcy
Copy link
Author

Conflict resolved

@AdamDev
Copy link
Contributor

AdamDev commented Jan 5, 2025

Hi @harryzcy, can you please resolve the conflicts?

@harryzcy
Copy link
Author

Hi @harryzcy, can you please resolve the conflicts?

Resolved

gruebel
gruebel reviewed Jan 10, 2025
View reviewed changes
Pipfile.lock
"sha256:f9b57eaa3b0cd8db52049ed0330747b0364e899e8a606a624813452b8203d5f7",
"sha256:fce4f615f8ca31b2e61aa0eb5865a21e14f5629515c9151850aa936c02a1ee51"
],
"markers": "python_version >= '3.10'",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will not work. this lock file was created with Python 3.10+ therefore any CI jobs running on 3.8 or 3.9 will fail

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gruebel gruebel gruebel left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

remove pinning boto3 (and botocore) to an exact version
5 participants
@harryzcy @Saarett @SayantanKhanra10 @AdamDev @gruebel