Drop support for Python 3.5 and add 3.9 #314
Conversation
Python 3.5 has now reached its end-of-life and has been retired. https://www.python.org/dev/peps/pep-0478/ The optional (but highly recommended) 'cryptography' dependency has also just dropped support for 3.5. Continuing support for 3.5 does not seem worth the effort. Instead we add support for the new stable Python 3.9.
- Remove 3.5 - Add 3.9
requirements-pinned.txt lists all immediate and transitive dependencies combined for all supported Python versions. This commit semi-automatically updates the pinned dependencies using the instructions in requirements.txt: Updated dependencies are: - cryptography (supersedes dependabot's secure-systems-lab#312) - enum34 (oddly not detected by dependabot)
| @@ -103,6 +103,7 @@ | |||
| 'Source': 'https://github.com/secure-systems-lab/securesystemslib', | |||
| 'Issues': 'https://github.com/secure-systems-lab/securesystemslib/issues', | |||
| }, | |||
| python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, <4", | |||
There was a problem hiding this comment.
So this means that any users of python 3.5 will now be offered securesystemslib 0.18 by the pypi clients even if new securesystemslib versions are released, correct?
I guess this is the correct and reasonable thing to do (since cryptography already does exactly that), just wanted it to be explicit.
There was a problem hiding this comment.
So this means that any users of python 3.5 will now be offered securesystemslib 0.18 by the pypi clients even if new securesystemslib versions are released, correct?
Good question. The way I read the docs this makes sure that pip on e.g. 3.5 will not install the next version of securesystemslib, i.e. > 0.18. Not sure if this also means that it will fall back to the latest version, i.e. 0.18, or just refuse to install. I could live with both.
Btw. I didn't add this line because I dropped 3.5, but because I saw that it was missing while dropping 3.5, in case this makes a difference. :)
Fixes: # None
Description of the changes being introduced by the pull request:
Python 3.5 has now reached its end-of-life and has been retired: https://www.python.org/dev/peps/pep-0478/
The optional (but highly recommended) 'cryptography' dependency has also just dropped support for 3.5. Continuing support for 3.5 does not seem worth the effort. Instead we add support for the new stable Python 3.9.
This PR also updates the test configuration accordingly and recomputes the pinned dependencies.
Note, securesystemslib's dependent TUF is also dropping 3.5 support (theupdateframework/python-tuf#1238) and in-toto will follow shortly.
Please verify and check that the pull request fulfils the following requirements: