From dc98233a33957762300d8e16991bb0156b7b1a6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:42:53 +0000 Subject: [PATCH 1/2] Bump cython from 0.29.34 to 3.0.0 in /python/helpers Bumps [cython](https://github.com/cython/cython) from 0.29.34 to 3.0.0. - [Release notes](https://github.com/cython/cython/releases) - [Changelog](https://github.com/cython/cython/blob/master/CHANGES.rst) - [Commits](https://github.com/cython/cython/compare/0.29.34...3.0.0) --- updated-dependencies: - dependency-name: cython dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- python/helpers/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt index b98ec09aa675..93181463ecad 100644 --- a/python/helpers/requirements.txt +++ b/python/helpers/requirements.txt @@ -9,4 +9,4 @@ poetry>=1.1.15,<1.6.0 wheel==0.37.1 # Some dependencies will only install if Cython is present -Cython==0.29.34 +Cython==3.0.0 From 0392a554e44437ea845dca0ae919d58026b16a9f Mon Sep 17 00:00:00 2001 
From: Jeff Widman Date: Thu, 3 Aug 2023 12:58:17 -0700 Subject: [PATCH 2/2] Workaround `pyyaml` / `cython` incompatibility This test was failing when it tried to install `pyyaml`: ``` rspec ./spec/dependabot/python/update_checker/pip_compile_version_resolver_spec.rb:139 ``` The underlying issue is `PyYAML` isn't yet compatible with `cython` `3.0.0`. So manually I bumped the `pyyaml` pin to `6.0.1` which includes a holdback pin to not install the latest `cython`: * https://github.com/yaml/pyyaml/commit/c42fa3bff1eabdb64763bb1526d9ea1ccb708479 The better way to fix this would be to regenerate the `pip-compile` output lockfile, but I wasn't sure I'd be able to do that since the `imports_shared.in` file includes a recursive reference to another requirements file... and that other requirements file doesn't appear to exist on disk in the fixtures... from a quick glance at the test specs code, it may dynamically generate that file. So I'd have to start it, then drop into a debugger to pause it, then manually go look at the file (if it's even saved to disk), and then re-run it... and even then, it may cause other failures with the test since it updates all the other versions... Anyway, rather than tracking all that down, I merely tried the pin, and lo and behold it fixed the test. So I think we're good for now, especially as `pyyaml` isn't part of the test at all, it's just a transitive dep of the actual package under test. --- .../spec/fixtures/requirements/pip_compile_imports_shared.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/spec/fixtures/requirements/pip_compile_imports_shared.txt b/python/spec/fixtures/requirements/pip_compile_imports_shared.txt index 3b876e5a4528..2130515bc685 100644 --- a/python/spec/fixtures/requirements/pip_compile_imports_shared.txt +++ b/python/spec/fixtures/requirements/pip_compile_imports_shared.txt 
@@ -30,7 +30,7 @@ pyaml==18.11.0 # via moto pycparser==2.19 # via cffi python-dateutil==2.6.0 pytz==2018.7 # via moto -pyyaml==3.13 # via pyaml +pyyaml==6.0.1 # via pyaml requests==2.20.1 # via aws-xray-sdk, docker, moto, responses responses==0.10.4 # via moto s3transfer==0.1.13 # via boto3
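Review bot: In the `python/helpers/requirements.txt` hunk of PATCH 1/2, the `Cython==3.0.0` line is a semver-major jump on a build-time tool, and the comment directly above it ("Some dependencies will only install if Cython is present") says other packages compile against whatever version is pinned here. PATCH 2/2 in this same series already had to work around one package that does not build with 3.0.0, so the risk is demonstrated rather than hypothetical. Before merging, I would ask for the comment to name which dependencies need Cython, so each can be checked against 3.x, or for the pin to stay below 3 until that check is done. Separately, both `wheel==0.37.1` and the new Cython line are version pins without hashes; if hash pinning is intended for this file, the bump is the moment to add it.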
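Review bot: In the `pip_compile_imports_shared.txt` hunk of PATCH 2/2, the `pyyaml==6.0.1 # via pyaml` line is a hand edit to a file whose `# via` annotations mark it as pip-compile output, so the fixture no longer matches what the resolver would generate from its `.in` inputs. The new pin also jumps from 3.13 to 6.0.1 while its neighbours (`pyaml==18.11.0`, `requests==2.20.1`, `pytz==2018.7`) stay at their old versions, and nothing in the file records why this one line differs. Please either regenerate the fixture, or leave a comment line next to the pin stating that it is a manual workaround for the Cython 3.0.0 incompatibility so the next regeneration does not silently revert or fight it. It would also help to confirm that `pyaml==18.11.0` accepts pyyaml 6.x, since the hunk changes the version that `pyaml` pulls in without touching `pyaml` itself.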