There's still py==1.11.0 required in dev.in, which is in maintenance mode (=basically conserved in its historic state only). Not being actively updated for years, and with a vulnerability being reported even for the latest version, every package tries to get rid of it or just vendor the usable parts instead of all the old legacy… (The CVE is somewhat unfortunate nonetheless, as it only applies to decades-old code for handling SVN repos :/ …)
Note
The og py.test entrypoints of pytest do not depend on this in any way.
Is it really being used anywhere? (Or am I overlooking something too obvious?)
Success Criteria
Audit the use of py package
Remove if not needed anymore
Ensure docs and test runners use pytest not py.test
But good point @stevejalim to also update the entrypoints. They are nonetheless independent of the requirement removal.
What turned out to be a blocker, however, is that pytest's removal of py in 7.2.0 and vendoring of just the useful bits left its plugins without an explicit py dependency but still relying on e.g. py.xml broken from that point on, so only those still maintained and updating/replacing their dependencies will continue working with newer releases (or will need a py version explicitly required and pinned like here now, until updated). But that upgrade is currently blocked: #14013 (also see #14316 for more issues; we kinda need both pytest-selenium 4.0.2+ and pytest 8+, so I'll have to try to make a minimal-repro case to test the combination of versions & geckodriver + possible snap/flat env issues, and try finding a version combination that still works for Firefox). Truth is, replacing Selenium with Playwright might happen faster than this.
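One way to carry out the audit listed in the success criteria, as an added example that is not code from this repository or from anyone in the thread: it walks a source tree, reports direct imports of the top-level `py` package (including `py.xml`-style submodules) and any remaining mentions of the `py.test` entry point. The function names and the list of scanned file suffixes are assumptions.

```python
import ast
import re
import sys
from pathlib import Path

# Matches the legacy `py.test` command but not names such as `mypy.test` or `py.tests`.
PY_TEST_CMD = re.compile(r"(?<![\w.])py\.test\b")
# Assumed set of file types worth scanning; adjust for the repository at hand.
TEXT_SUFFIXES = {".py", ".md", ".rst", ".txt", ".ini", ".cfg", ".toml", ".yml", ".yaml", ".sh"}


def py_imports(source):
    """Return line numbers of `import py...` / `from py... import` statements."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            if any(alias.name.split(".")[0] == "py" for alias in node.names):
                hits.append(node.lineno)
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            if (node.module or "").split(".")[0] == "py":
                hits.append(node.lineno)
    return sorted(hits)


def py_test_invocations(text):
    """Return line numbers that mention the old `py.test` entry point."""
    return [n for n, line in enumerate(text.splitlines(), 1) if PY_TEST_CMD.search(line)]


def audit(root):
    """Map each file under root to its findings; files with none are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in TEXT_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        found = [(n, "py.test entry point") for n in py_test_invocations(text)]
        if path.suffix == ".py":
            try:
                found += [(n, "imports py") for n in py_imports(text)]
            except SyntaxError:
                found.append((0, "unparsable, check by hand"))
        if found:
            report[str(path)] = sorted(found)
    return report


if __name__ == "__main__":
    for name, found in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for lineno, what in found:
            print(f"{name}:{lineno}: {what}")
```

Only static imports in the scanned tree are detected; dynamic imports and installed plugins that rely on `py` without declaring it, the case described in the comment above, still have to be checked in the environment itself.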