update setuptools >= 78.1.1 for Safety 76752 #7506
base: develop
It turns out that |
6d49e2c to 734641f
The team (and then @legoktm and I) discussed this today and agreed that we need to have a way to update dependencies between Python 3.8 on Ubuntu Focal and Python 3.12 on Ubuntu Noble whether or not this |
Admittedly I had forgotten that doing this would require duplicating the requirements.txt files but it looks solid. I assume the symlinks are just temporary and once they're removed Git will show the focal files as being renamed and not deleted/created? Also if you want, you could drop the "python3" part of the path, so it's just |
cc5aaa1 to c11b76d
As far as I can tell, |
The update-python3-requirements makefile target isn't working due to path changes. Others seem fine.
…es for (the Python versions available under) Ubuntu Focal versus Noble
Via "make update-python3-requirements", scoped to Python >= 3.9 and therefore limited to Ubuntu Noble.
Per <pypa/setuptools#4483 (comment)>, packaging >= 22.0 is necessary to update setuptools >= 74, but we can't get there without a pinned hash, since "pip3 install" takes "--hash" to strictly imply "--require-hashes".
…pip-requirements")
Status
Work in progress
Description of Changes
Updates setuptools >= 78.1.1 for Safety 76752. This required updating packaging and, given how fundamental these dependencies are, some manual tweaking instead of just running make update-pip-requirements.
Testing
Deployment
No deployment considerations.
Checklist
If you added or updated a reference to a production code dependency:
se one of the following:
Both packaging and setuptools are published by the Python Packaging Authority, so they don't require diff review, per https://github.com/freedomofpress/securedrop-dev-docs/blob/4a42bbb4eb4007edcccb317da5f19998dc3175e0/docs/dependency_updates.rst?plain=1#L52-L53.
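The commit message above notes that "pip3 install" takes "--hash" to strictly imply "--require-hashes"; in that mode pip also expects every requirement to be pinned with == and to carry a hash. As an added example (not code from this pull request or from SecureDrop), the sketch below audits a requirements file's text for entries that would fail those two conditions; the function names, the packaging pin and the all-zero hash are constructed, and the parsing is a simplification of pip's own.

```python
import re

# Constructed sample: the packaging pin and the all-zero hash are placeholders.
SAMPLE = """\
# constructed requirements file
packaging==24.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
setuptools>=78.1.1
"""

PINNED = re.compile(r"[A-Za-z0-9._-]+(\[[^\]]*\])?\s*===?\s*[^\s=*,]+")

def entries(text):
    """Yield (specifier, hashes) per requirement, joining '\\' continuations."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if not line or line.startswith("-"):  # blank, comment, or option line
            continue
        hashes = re.findall(r"--hash=(\S+)", line)
        # Drop the hash options and any environment marker after ';'.
        spec = re.sub(r"--hash=\S+", "", line).split(";")[0].strip()
        yield spec, hashes

def audit(text):
    """Return (hash_mode, problems).

    hash_mode is True as soon as any entry carries --hash, which is when pip
    behaves as if --require-hashes had been given for the whole file.
    """
    parsed = list(entries(text))
    hash_mode = any(hashes for _, hashes in parsed)
    problems = []
    if hash_mode:
        for spec, hashes in parsed:
            issues = []
            if not PINNED.fullmatch(spec):
                issues.append("not pinned with ==")
            if not hashes:
                issues.append("missing --hash")
            if issues:
                problems.append((spec, issues))
    return hash_mode, problems

if __name__ == "__main__":
    mode, found = audit(SAMPLE)
    print("hash-checking mode:", mode)
    for spec, issues in found:
        print(f"  {spec}: {', '.join(issues)}")
```

Running a check like this before "pip3 install" shows which entries would block an otherwise hashed file, which is the situation the commit message describes for packaging.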