auditwheel depends on a specific patch version of wheel #274

Closed
mdboom opened this issue Dec 14, 2020 · 2 comments

mdboom commented Dec 14, 2020

auditwheel currently depends on a specific patch version of wheel. Is this intentional? I would have assumed it would ignore the patch version. This currently causes problems for projects running dependabot, since wheel is held back: mozilla/glean#1387

Member

mayeut commented Dec 14, 2020

@mdboom,

It's intentional. wheel has no public API yet and auditwheel is using a private API of wheel, which is perfectly free to change between patch versions as they're just implementation details in wheel (and they did in the past, causing all sorts of issues in auditwheel).
At one time I opened #191, which was closed when auditwheel pinned the wheel version.
I was thinking of reopening the issue (and doing the related work) to vendor wheel until it gets a public API (which is work in progress). I'm also getting annoyed by this problem when dependabot tries to update wheel (as it should).
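
An added example (not part of the thread and not auditwheel's code): a check for the situation discussed in this issue, listing which installed distributions declare an exact `==` pin on a dependency and so hold it back from updates. The function names and the sample metadata are constructed for illustration, and the parser handles a simplified subset of PEP 508 requirement strings.

```python
import re
from importlib import metadata

# Simplified PEP 508: name, optional [extras], then the rest (specifiers or "@ url").
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_PIN = re.compile(r"^(?:===|==)\s*(\S+)$")


def exact_pin(requirement):
    """Return (name, version) if a Requires-Dist entry allows one version only."""
    spec = requirement.split(";", 1)[0]  # drop markers such as: extra == "test"
    m = _REQ.match(spec)
    if not m or m.group(2).startswith("@"):  # direct URL reference, not a pin
        return None
    for clause in m.group(2).strip().strip("()").split(","):
        pin = _PIN.match(clause.strip())
        if pin and "*" not in pin.group(1):  # "==1.*" is a prefix match
            return m.group(1).lower(), pin.group(1)
    return None


def holdbacks(requirements_by_dist):
    """Map each (dependency, version) pin to the distributions declaring it."""
    found = {}
    for dist, reqs in requirements_by_dist.items():
        for req in reqs or []:  # Distribution.requires is None when empty
            pin = exact_pin(req)
            if pin:
                found.setdefault(pin, []).append(dist)
    return found


def installed_requirements():
    """Requires-Dist of every distribution in the current environment."""
    return {str(d.metadata.get("Name", "?")): d.requires
            for d in metadata.distributions()}


# Constructed sample metadata; the distribution names and versions are made up.
SAMPLE = {
    "tool-a": ["wheel (==1.2.3)", "pyelftools>=0.24"],
    "tool-b": ["wheel>=0.30", 'pytest ; extra == "test"'],
    "tool-c": ["wheel==1.*", "helper @ https://example.invalid/helper.tar.gz"],
}

if __name__ == "__main__":
    for (name, version), dists in sorted(holdbacks(installed_requirements()).items()):
        print(f"{name} pinned to {version} by {', '.join(dists)}")
```

Run as a script, it reports pins found in the current environment; `holdbacks(SAMPLE)` exercises the same logic on the constructed metadata.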

mayeut added a commit to mayeut/auditwheel that referenced this issue Dec 17, 2020
`wheel` does not provide a public API yet. In order not to be impacted by any internal refactoring/changes in the `wheel` package, the version of the `wheel` package is pinned by `auditwheel`. [This causes some nuisance for users of `auditwheel`](pypa#274).
This commit vendors `wheel` to avoid such nuisance and while waiting for a public API in `wheel`.
mayeut added a commit that referenced this issue Dec 24, 2020
* Vendor wheel 0.36.2

`wheel` does not provide a public API yet. In order not to be impacted by any internal refactoring/changes in the `wheel` package, the version of the `wheel` package is pinned by `auditwheel`. [This causes some nuisance for users of `auditwheel`](#274).
This commit vendors `wheel` to avoid such nuisance and while waiting for a public API in `wheel`.

* Omit coverage report for vendored packages

* Exclude vendored packages from flake8 check

* Fix flake8 issue

* Exclude vendored packages from mypy check

mayeut commented Dec 24, 2020

@mdboom, auditwheel 3.3.1 now vendors wheel. This should help with dependabot.

mayeut closed this as completed Dec 24, 2020