-
-
Notifications
You must be signed in to change notification settings - Fork 14.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
python310Packages.urllib3: 1.26.14 -> 2.0.3 #241825
Conversation
This triggers over 5000+ rebuilds, thus can't go to |
🤦 ; @fabaff , thanks!
LOL --> and c033f34 [ a PR of yours ] made it seem like upgrading versions was simple :-) |
This is a good resource for understanding the
From my observation, it's unfortunately very common for upper bound constraints to exist on I like to think we're all on the same team pushing changes to balance keeping packages working with other goals (such as fixing bugs, closing security issues, etc.). So we have to do due diligence to not break many packages without a seriously compelling reason. Onto the PR itself, thank you putting it up! I've been slowly working on the side on it too, so I'd be interested in combining efforts to get this done. To start with, here are 3 PRs that will be needed to minimize breakages:
Where I need help the most currently is testing |
I guess that there are a little over 250 packages present which depends directly on Getting widely used modules updated like
Those |
@@ -20,12 +20,12 @@ | |||
|
|||
buildPythonPackage rec { | |||
pname = "urllib3"; | |||
version = "1.26.14"; | |||
version = "2.0.3"; | |||
format = "setuptools"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
format = "setuptools"; | |
format = "setuptools"; | |
diabled = pythonOlder "3.7"; |
format = "setuptools"; | ||
|
||
src = fetchPypi { | ||
inherit pname version; | ||
hash = "sha256-B2kHv4/TVc3ndyhHExZiWk0vfnE8El9RlTu1s+7PT3I="; | ||
hash = "sha256-vuKLXlat24ImyW9/E6woy0wwHdXqimyhecC5g14DKCU="; | ||
}; | ||
|
||
# FIXME: remove backwards compatbility hack |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we are doing a major update which most likely requires extra fixups, we can also remove this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Below we should replace pytest-freezegun with freezegun https://github.com/urllib3/urllib3/blob/2.0.3/dev-requirements.txt
I discovered that |
I'll use this comment to record any additional PRs that will be needed before we update this. |
We can update botocore to 1.31.15 now and unpin its urllib3 dependency to get us one more step closer to bumping this. Please feel free to keep going on this if anyone has the time. |
Already on master. |
https://github.com/urllib3/urllib3/releases/tag/2.0.3
Description of changes
upgrade to include 2.0.3
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)