Drop python 3.6

This drops `python` `3.6` which has been EOL'd since Dec 2021. This does _not_ tackle any of the follow-on work that dropping `3.6` unlocks... ie, bumping to newer versions of `pip-tools`, `pip`, `poetry` etc.
dependabot · Aug 1, 2023 · fc94264 · fc94264
1 parent 8fca3ca
commit fc94264
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 36 deletions.
diff --git a/python/lib/dependabot/python/python_versions.rb b/python/lib/dependabot/python/python_versions.rb
@@ -18,8 +18,6 @@ module PythonVersions
         3.9.17 3.9.16 3.9.15 3.9.14 3.9.13 3.9.12 3.9.11 3.9.10 3.9.9 3.9.8 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0
         3.8.17 3.8.15 3.8.14 3.8.13 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0
         3.7.17 3.7.15 3.7.14 3.7.13 3.7.12 3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0
-        3.6.15 3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0
-        3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3
       ).freeze
 
       # This list gets iterated through to find a valid version, so we have

diff --git a/python/spec/dependabot/python/file_updater/poetry_file_updater_spec.rb b/python/spec/dependabot/python/file_updater/poetry_file_updater_spec.rb
@@ -119,38 +119,48 @@
       end
     end
 
-    context "with a supported python version", :slow do
-      let(:python_version) { "3.6.9" }
-      let(:pyproject_fixture_name) { "python_36.toml" }
-      let(:lockfile_fixture_name) { "python_36.lock" }
-      let(:dependency) do
-        Dependabot::Dependency.new(
-          name: "django",
-          version: "3.1",
-          previous_version: "3.0",
-          package_manager: "pip",
-          requirements: [{
-            requirement: "*",
-            file: "pyproject.toml",
-            source: nil,
-            groups: ["dependencies"]
-          }],
-          previous_requirements: [{
-            requirement: "*",
-            file: "pyproject.toml",
-            source: nil,
-            groups: ["dependencies"]
-          }]
-        )
-      end
-      it "updates the lockfile" do
-        updated_lockfile = updated_files.find { |f| f.name == "pyproject.lock" }
-
-        lockfile_obj = TomlRB.parse(updated_lockfile.content)
-        requests = lockfile_obj["package"].find { |d| d["name"] == "django" }
-        expect(requests["version"]).to eq("3.1")
-      end
-    end
+    # TODO: This test was originally added to ensure we retained 3.6 support.
+    # A couple of options:
+    # 1. Delete the test entirely, we don't need to be doing poetry specific tests against old python versions
+    # 2. Use this as a test basis to "prove" that we don't support 3.6 anymore and it throws the correct / expected error.
+    #    This would probably be useful, but make it more generic, ie, not just poetry but something that standard pip
+    #    picks up ie using .python-version file or pyproject.toml.
+    # 3. Tweak the test to 3.7 (or whatever the lowest version we support is) to prove we still support that as the
+    #    lower bound of our supported versions... not sure we need that to be poetry specific... if so, we probably need
+    #    a python 3.7 test for poetry, pip, pip-tools etc to prove that whatever versions of those package managers that
+    #    we ship still support our lowest supported python version.
+    # context "with a supported python version", :slow do
+    #   let(:python_version) { "3.6.9" }
+    #   let(:pyproject_fixture_name) { "python_36.toml" }
+    #   let(:lockfile_fixture_name) { "python_36.lock" }
+    #   let(:dependency) do
+    #     Dependabot::Dependency.new(
+    #       name: "django",
+    #       version: "3.1",
+    #       previous_version: "3.0",
+    #       package_manager: "pip",
+    #       requirements: [{
+    #         requirement: "*",
+    #         file: "pyproject.toml",
+    #         source: nil,
+    #         groups: ["dependencies"]
+    #       }],
+    #       previous_requirements: [{
+    #         requirement: "*",
+    #         file: "pyproject.toml",
+    #         source: nil,
+    #         groups: ["dependencies"]
+    #       }]
+    #     )
+    #   end
+    #   it "updates the lockfile" do
+    #     updated_lockfile = updated_files.find { |f| f.name == "pyproject.lock" }
+
+    #     lockfile_obj = TomlRB.parse(updated_lockfile.content)
+    #     requests = lockfile_obj["package"].find { |d| d["name"] == "django" }
+    #     expect(requests["version"]).to eq("3.1")
+    #   end
+    # end
 
     context "without a lockfile" do
       let(:dependency_files) { [pyproject] }

diff --git a/python/spec/dependabot/python/update_checker_spec.rb b/python/spec/dependabot/python/update_checker_spec.rb
@@ -200,7 +200,8 @@
             content: python_version_content
           )
         end
-        let(:python_version_content) { "3.7.0\n" }
+        # TODO: This probably should bump to a relatively new python
+        let(:python_version_content) { "3.11.0\n" }
         let(:pypi_response) do
           fixture("pypi", "pypi_simple_response_django.html")
         end
@@ -219,9 +220,13 @@
         it { is_expected.to eq(Gem::Version.new("3.2.4")) }
 
         context "that disallows the latest version" do
-          let(:python_version_content) { "3.5.3\n" }
+          # TODO: And this should float at the oldest python version we support...
+          let(:python_version_content) { "3.7.0\n" }
           it { is_expected.to eq(Gem::Version.new("2.2.24")) }
         end
+
+        # TODO: Do we need a test in here that we properly throw an exception for the newest
+        # unsupported version? Ie, 3.6 throws the expected error? That may happen earlier than the update checker step though...
       end
     end
 

diff --git a/python/spec/fixtures/lockfiles/environment_variable_source.lock b/python/spec/fixtures/lockfiles/environment_variable_source.lock
@@ -12,6 +12,7 @@
             "platform_release": "16.7.0",
             "platform_system": "Darwin",
             "platform_version": "Darwin Kernel Version 16.7.0: Wed Oct  4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64",
+            # TODO: this will need bumping past 3.6 probably... or do we even use this?
             "python_full_version": "3.6.1",
             "python_version": "3.6",
             "sys_platform": "darwin"

diff --git a/python/spec/fixtures/lockfiles/hard_names.lock b/python/spec/fixtures/lockfiles/hard_names.lock
@@ -12,6 +12,7 @@
             "platform_release": "16.7.0",
             "platform_system": "Darwin",
             "platform_version": "Darwin Kernel Version 16.7.0: Wed Oct  4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64",
+            # TODO: this will need bumping past 3.6 probably... or do we even use this?
             "python_full_version": "3.6.1",
             "python_version": "3.6",
             "sys_platform": "darwin"

diff --git a/python/spec/fixtures/lockfiles/version_hash.lock b/python/spec/fixtures/lockfiles/version_hash.lock
@@ -12,6 +12,7 @@
             "platform_release": "16.7.0",
             "platform_system": "Darwin",
             "platform_version": "Darwin Kernel Version 16.7.0: Wed Oct  4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64",
+            # TODO: this will need bumping past 3.6 probably... or do we even use this?
             "python_full_version": "3.6.1",
             "python_version": "3.6",
             "sys_platform": "darwin"