From fc94264db853c0f4434cebd59c791cbb89248975 Mon Sep 17 00:00:00 2001 From: Jeff Widman Date: Fri, 21 Jul 2023 17:42:35 -0700 Subject: [PATCH] Drop `python` `3.6` This drops `python` `3.6` which has been EOL'd since Dec 2021. This does _not_ tackle any of the follow-on work that dropping `3.6` unlocks... ie, bumping to newer versions of `pip-tools`, `pip`, `poetry` etc. --- .../lib/dependabot/python/python_versions.rb | 2 - .../file_updater/poetry_file_updater_spec.rb | 74 +++++++++++-------- .../dependabot/python/update_checker_spec.rb | 9 ++- .../environment_variable_source.lock | 1 + .../spec/fixtures/lockfiles/hard_names.lock | 1 + .../spec/fixtures/lockfiles/version_hash.lock | 1 + 6 files changed, 52 insertions(+), 36 deletions(-) diff --git a/python/lib/dependabot/python/python_versions.rb b/python/lib/dependabot/python/python_versions.rb index 37c8199269c9..e71c6a932a0e 100644 --- a/python/lib/dependabot/python/python_versions.rb +++ b/python/lib/dependabot/python/python_versions.rb @@ -18,8 +18,6 @@ module PythonVersions 3.9.17 3.9.16 3.9.15 3.9.14 3.9.13 3.9.12 3.9.11 3.9.10 3.9.9 3.9.8 3.9.7 3.9.6 3.9.5 3.9.4 3.9.2 3.9.1 3.9.0 3.8.17 3.8.15 3.8.14 3.8.13 3.8.12 3.8.11 3.8.10 3.8.9 3.8.8 3.8.7 3.8.6 3.8.5 3.8.4 3.8.3 3.8.2 3.8.1 3.8.0 3.7.17 3.7.15 3.7.14 3.7.13 3.7.12 3.7.11 3.7.10 3.7.9 3.7.8 3.7.7 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0 - 3.6.15 3.6.14 3.6.13 3.6.12 3.6.11 3.6.10 3.6.9 3.6.8 3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0 - 3.5.10 3.5.8 3.5.7 3.5.6 3.5.5 3.5.4 3.5.3 ).freeze # This list gets iterated through to find a valid version, so we have diff --git a/python/spec/dependabot/python/file_updater/poetry_file_updater_spec.rb b/python/spec/dependabot/python/file_updater/poetry_file_updater_spec.rb index 4e03f7887f45..defee0af3d18 100644 --- a/python/spec/dependabot/python/file_updater/poetry_file_updater_spec.rb +++ b/python/spec/dependabot/python/file_updater/poetry_file_updater_spec.rb @@ -119,38 +119,48 @@ end end - context "with a supported python version", :slow do - let(:python_version) { "3.6.9" } - let(:pyproject_fixture_name) { "python_36.toml" } - let(:lockfile_fixture_name) { "python_36.lock" } - let(:dependency) do - Dependabot::Dependency.new( - name: "django", - version: "3.1", - previous_version: "3.0", - package_manager: "pip", - requirements: [{ - requirement: "*", - file: "pyproject.toml", - source: nil, - groups: ["dependencies"] - }], - previous_requirements: [{ - requirement: "*", - file: "pyproject.toml", - source: nil, - groups: ["dependencies"] - }] - ) - end - it "updates the lockfile" do - updated_lockfile = updated_files.find { |f| f.name == "pyproject.lock" } - - lockfile_obj = TomlRB.parse(updated_lockfile.content) - requests = lockfile_obj["package"].find { |d| d["name"] == "django" } - expect(requests["version"]).to eq("3.1") - end - end + # TODO: This test was originally added to ensure we retained 3.6 support. + # A couple of options: + # 1. Delete the test entirely, we don't need to be doing poetry specific tests against old python versions + # 2. Use this as a test basis to "prove" that we don't support 3.6 anymore and it throws the correct / expected error. + # This would probably be useful, but make it more generic, ie, not just poetry but something that standard pip + # picks up ie using .python-version file or pyproject.toml. + # 3. Tweak the test to 3.7 (or whatever the lowest version we support is) to prove we still support that as the + # lower bound of our supported versions... not sure we need that to be poetry specific... if so, we probably need + # a python 3.7 test for poetry, pip, pip-tools etc to prove that whatever versions of those package managers that + # we ship still support our lowest supported python version. + # context "with a supported python version", :slow do + # let(:python_version) { "3.6.9" } + # let(:pyproject_fixture_name) { "python_36.toml" } + # let(:lockfile_fixture_name) { "python_36.lock" } + # let(:dependency) do + # Dependabot::Dependency.new( + # name: "django", + # version: "3.1", + # previous_version: "3.0", + # package_manager: "pip", + # requirements: [{ + # requirement: "*", + # file: "pyproject.toml", + # source: nil, + # groups: ["dependencies"] + # }], + # previous_requirements: [{ + # requirement: "*", + # file: "pyproject.toml", + # source: nil, + # groups: ["dependencies"] + # }] + # ) + # end + # it "updates the lockfile" do + # updated_lockfile = updated_files.find { |f| f.name == "pyproject.lock" } + + # lockfile_obj = TomlRB.parse(updated_lockfile.content) + # requests = lockfile_obj["package"].find { |d| d["name"] == "django" } + # expect(requests["version"]).to eq("3.1") + # end + # end context "without a lockfile" do let(:dependency_files) { [pyproject] } diff --git a/python/spec/dependabot/python/update_checker_spec.rb b/python/spec/dependabot/python/update_checker_spec.rb index 7ccd79947aec..45dc39a3acb8 100644 --- a/python/spec/dependabot/python/update_checker_spec.rb +++ b/python/spec/dependabot/python/update_checker_spec.rb @@ -200,7 +200,8 @@ content: python_version_content ) end - let(:python_version_content) { "3.7.0\n" } + # TODO: This probably should bump to a relatively new python + let(:python_version_content) { "3.11.0\n" } let(:pypi_response) do fixture("pypi", "pypi_simple_response_django.html") end @@ -219,9 +220,13 @@ it { is_expected.to eq(Gem::Version.new("3.2.4")) } context "that disallows the latest version" do - let(:python_version_content) { "3.5.3\n" } + # TODO: And this should float at the oldest python version we support... + let(:python_version_content) { "3.7.0\n" } it { is_expected.to eq(Gem::Version.new("2.2.24")) } end + + # TODO: Do we need a test in here that we properly throw an exception for the newest + # unsupported version? Ie, 3.6 throws the expected error? That may happen earlier than the update checker step though... end end diff --git a/python/spec/fixtures/lockfiles/environment_variable_source.lock b/python/spec/fixtures/lockfiles/environment_variable_source.lock index a09a54ac3208..8ca343f8dc47 100644 --- a/python/spec/fixtures/lockfiles/environment_variable_source.lock +++ b/python/spec/fixtures/lockfiles/environment_variable_source.lock @@ -12,6 +12,7 @@ "platform_release": "16.7.0", "platform_system": "Darwin", "platform_version": "Darwin Kernel Version 16.7.0: Wed Oct 4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64", + # TODO: this will need bumping past 3.6 probably... or do we even use this? "python_full_version": "3.6.1", "python_version": "3.6", "sys_platform": "darwin" diff --git a/python/spec/fixtures/lockfiles/hard_names.lock b/python/spec/fixtures/lockfiles/hard_names.lock index a5231b1d2654..4c6256b11b3d 100644 --- a/python/spec/fixtures/lockfiles/hard_names.lock +++ b/python/spec/fixtures/lockfiles/hard_names.lock @@ -12,6 +12,7 @@ "platform_release": "16.7.0", "platform_system": "Darwin", "platform_version": "Darwin Kernel Version 16.7.0: Wed Oct 4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64", + # TODO: this will need bumping past 3.6 probably... or do we even use this? "python_full_version": "3.6.1", "python_version": "3.6", "sys_platform": "darwin" diff --git a/python/spec/fixtures/lockfiles/version_hash.lock b/python/spec/fixtures/lockfiles/version_hash.lock index a5ee701be478..7cad1a7814ce 100644 --- a/python/spec/fixtures/lockfiles/version_hash.lock +++ b/python/spec/fixtures/lockfiles/version_hash.lock @@ -12,6 +12,7 @@ "platform_release": "16.7.0", "platform_system": "Darwin", "platform_version": "Darwin Kernel Version 16.7.0: Wed Oct 4 00:17:00 PDT 2017; root:xnu-3789.71.6~1/RELEASE_X86_64", + # TODO: this will need bumping past 3.6 probably... or do we even use this? "python_full_version": "3.6.1", "python_version": "3.6", "sys_platform": "darwin"