Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade vendored poetry to support urllib3>2.0, conda-lock pin prevents latest boto3 versions #622

Open
2 tasks done
rxm7706 opened this issue Apr 14, 2024 · 1 comment
Open
2 tasks done

Comments

@rxm7706
Copy link

rxm7706 commented Apr 14, 2024

Checklist

  • I added a descriptive title
  • I searched open requests and couldn't find a duplicate

What is the idea?

conda-lock currently downgrades urllib3 to less than version 2.0,
https://github.com/conda/conda-lock/blob/main/pyproject.toml#L69
Poetry removed the pin for urllib with poetry version 1.6.0 (poetry-core 1.7.0, cleo >=2.0.0)
https://github.com/python-poetry/poetry/blob/1.6.0/pyproject.toml

Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt
with latest versions

  • poetry=1.8.2
  • poetry-core=1.9.0
  • cleo=2.1.0

Why is this needed?

Critical packages are now being updated with urllib3>=2.0 only
urllib3 <2.0.0 limits aiobotocore to 2.12.2, botocore to 1.34.51 and boto3 to 1.34.51 -

What should happen?

Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt
change current versions

Poetry-related:

cleo==0.8.1
poetry==1.1.15
poetry-core==1.0.8
to
latest versions

  • poetry=1.8.2
  • poetry-core=1.9.0
  • cleo=2.1.0

Additional Context

WIP

No response

@cbouss
Copy link

cbouss commented Nov 28, 2024

It seems that this will be fixed for the 3.0.0 release: #725

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants