A few transitive dependencies were left floating; as a result, pip's
dependency solver can pull in newer dependencies, which we don't
want. Pin them down.
Signed-off-by: John Snow <jsnow@redhat.com>
---
python/tests/minreqs.txt | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/python/tests/minreqs.txt b/python/tests/minreqs.txt
index a3f423efd84..19c0f5e4c50 100644
--- a/python/tests/minreqs.txt
+++ b/python/tests/minreqs.txt
@@ -38,10 +38,14 @@ pyflakes==2.5.0
# Transitive mypy dependencies
mypy-extensions==1.0.0
+tomli==1.1.0
typing-extensions==4.7.1
# Transitive pylint dependencies
astroid==2.15.4
+dill==0.2
lazy-object-proxy==1.4.0
+platformdirs==2.2.0
toml==0.10.0
+tomlkit==0.10.1
wrapt==1.14.0
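Review bot: the four new entries (tomli, dill, platformdirs, tomlkit) were found and pinned by hand, and nothing in this hunk would flag the next transitive dependency that is left floating. Consider making the install itself fail in that case: pip's hash-checking mode (`--require-hashes`, with a `--hash=sha256:...` on every line) rejects any requirement, transitive ones included, that is not pinned with `==` and hashed, and it fixes the downloaded artifact rather than only the version number. A lighter alternative is to install with `--no-deps` and run `pip check` afterwards, so that a missing pin shows up as an unmet dependency instead of a silent resolver choice.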
--
2.48.1
John Snow <jsnow@redhat.com> writes: > A few transitive dependencies were left floating; as a result, pip's > dependency solver can pull in newer dependencies, which we don't > want. Pin them down. > > Signed-off-by: John Snow <jsnow@redhat.com> What problem exactly does this fix? Make target check-minreqs? > --- > python/tests/minreqs.txt | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/python/tests/minreqs.txt b/python/tests/minreqs.txt > index a3f423efd84..19c0f5e4c50 100644 > --- a/python/tests/minreqs.txt > +++ b/python/tests/minreqs.txt > @@ -38,10 +38,14 @@ pyflakes==2.5.0 > > # Transitive mypy dependencies > mypy-extensions==1.0.0 > +tomli==1.1.0 > typing-extensions==4.7.1 > > # Transitive pylint dependencies > astroid==2.15.4 > +dill==0.2 > lazy-object-proxy==1.4.0 > +platformdirs==2.2.0 > toml==0.10.0 > +tomlkit==0.10.1 > wrapt==1.14.0
On Wed, Mar 26, 2025 at 2:08 AM Markus Armbruster <armbru@redhat.com> wrote: > John Snow <jsnow@redhat.com> writes: > > > A few transitive dependencies were left floating; as a result, pip's > > dependency solver can pull in newer dependencies, which we don't > > want. Pin them down. > > > > Signed-off-by: John Snow <jsnow@redhat.com> > > What problem exactly does this fix? Make target check-minreqs? > I'm not sure it's a "problem" as such, but an inconsistency. Yes, it's with check-minreqs -- without this patch, pip is free to choose newer versions of these dependencies as appropriate. Though unlikely at this point, in theory, new dependency updates could be selected by pip and invalidate the concept of an entirely fixed/pinned virtual environment. That these transitive dependencies were not frozen initially was an oversight. check-minreqs is supposed to build the exact same venv every time without fail. Without this change, it's *possible* that it might do something different on release day if someone releases a new package. No good, probably. > > > --- > > python/tests/minreqs.txt | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/python/tests/minreqs.txt b/python/tests/minreqs.txt > > index a3f423efd84..19c0f5e4c50 100644 > > --- a/python/tests/minreqs.txt > > +++ b/python/tests/minreqs.txt > > @@ -38,10 +38,14 @@ pyflakes==2.5.0 > > > > # Transitive mypy dependencies > > mypy-extensions==1.0.0 > > +tomli==1.1.0 > > typing-extensions==4.7.1 > > > > # Transitive pylint dependencies > > astroid==2.15.4 > > +dill==0.2 > > lazy-object-proxy==1.4.0 > > +platformdirs==2.2.0 > > toml==0.10.0 > > +tomlkit==0.10.1 > > wrapt==1.14.0 > >
John Snow <jsnow@redhat.com> writes:

> On Wed, Mar 26, 2025 at 2:08 AM Markus Armbruster <armbru@redhat.com> wrote:
>
>> John Snow <jsnow@redhat.com> writes:
>>
>> > A few transitive dependencies were left floating; as a result, pip's
>> > dependency solver can pull in newer dependencies, which we don't
>> > want. Pin them down.
>> >
>> > Signed-off-by: John Snow <jsnow@redhat.com>
>>
>> What problem exactly does this fix? Make target check-minreqs?
>>
>
> I'm not sure it's a "problem" as such, but an inconsistency. Yes, it's with
> check-minreqs -- without this patch, pip is free to choose newer versions
> of these dependencies as appropriate. Though unlikely at this point, in
> theory, new dependency updates could be selected by pip and invalidate the
> concept of an entirely fixed/pinned virtual environment.
>
> That these transitive dependencies were not frozen initially was an
> oversight.
>
> check-minreqs is supposed to build the exact same venv every time without
> fail. Without this change, it's *possible* that it might do something
> different on release day if someone releases a new package. No good,
> probably.

I see.

You've been spoiling me with really nice commit messages... If you'd
like to push this one to that level, I'd suggest to start with a short
paragraph explaining why we pin versions for check-minreq, then state
the issue being fixed: we missed some pins.

[...]
On Thu, Mar 27, 2025 at 1:36 AM Markus Armbruster <armbru@redhat.com> wrote:

> John Snow <jsnow@redhat.com> writes:
>
> > On Wed, Mar 26, 2025 at 2:08 AM Markus Armbruster <armbru@redhat.com> wrote:
> >
> >> John Snow <jsnow@redhat.com> writes:
> >>
> >> > A few transitive dependencies were left floating; as a result, pip's
> >> > dependency solver can pull in newer dependencies, which we don't
> >> > want. Pin them down.
> >> >
> >> > Signed-off-by: John Snow <jsnow@redhat.com>
> >>
> >> What problem exactly does this fix? Make target check-minreqs?
> >>
> >
> > I'm not sure it's a "problem" as such, but an inconsistency. Yes, it's with
> > check-minreqs -- without this patch, pip is free to choose newer versions
> > of these dependencies as appropriate. Though unlikely at this point, in
> > theory, new dependency updates could be selected by pip and invalidate the
> > concept of an entirely fixed/pinned virtual environment.
> >
> > That these transitive dependencies were not frozen initially was an
> > oversight.
> >
> > check-minreqs is supposed to build the exact same venv every time without
> > fail. Without this change, it's *possible* that it might do something
> > different on release day if someone releases a new package. No good,
> > probably.
>
> I see.
>
> You've been spoiling me with really nice commit messages... If you'd
> like to push this one to that level, I'd suggest to start with a short
> paragraph explaining why we pin versions for check-minreq, then state
> the issue being fixed: we missed some pins.
>

"If you give a mouse a cookie, ..."

Already typed it all out to you, might as well update the commit message at this point.

--js
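The oversight discussed in this thread, a transitive dependency reachable from the pinned set that has no `==` pin of its own, can be detected mechanically. The sketch below is an added example, not code from the patch or from QEMU: the `example-linter` package and the dependency graph are constructed for illustration, and requirements guarded by environment markers are conservatively treated as needing a pin.

```python
import re
from importlib import metadata
NAME = r"[A-Za-z0-9][A-Za-z0-9._-]*"

def canon(name):
    # PEP 503 normalisation: case-insensitive, runs of "-_." are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Map each 'name==version' line of a requirements file to its version."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(rf"({NAME})\s*==\s*([^\s;]+)", line)
        if m:
            pins[canon(m.group(1))] = m.group(2)
    return pins

def installed_requires(name):  # live lookup in the current environment
    try:
        return metadata.requires(name) or []
    except metadata.PackageNotFoundError:
        return []

def floating(pins_text, requires=installed_requires):
    """Return dependencies reachable from the pinned set that have no pin."""
    pins = parse_pins(pins_text)
    seen, todo, missing = set(pins), list(pins), set()
    while todo:
        for req in requires(todo.pop()):
            if re.search(r"\bextra\s*==", req):
                continue  # optional extra: not installed by default
            dep = canon(re.match(NAME, req).group(0))
            if dep not in pins:
                missing.add(dep)
            if dep not in seen:
                seen.add(dep)
                todo.append(dep)
    return sorted(missing)

# Constructed sample: "example-linter" and this requirement graph are made up.
SAMPLE_PINS = "example-linter==1.0\nastroid==2.15.4\ntoml==0.10.0\nwrapt==1.14.0\n"
SAMPLE_GRAPH = {"example-linter": ["astroid>=2.15", "dill>=0.2", "toml",
                                   'tomli>=1.1.0; python_version < "3.11"',
                                   'pyenchant; extra == "spelling"'],
                "astroid": ["wrapt>=1.14", "Lazy_Object.Proxy>=1.4"]}

if __name__ == "__main__":
    print(floating(SAMPLE_PINS, lambda n: SAMPLE_GRAPH.get(n, [])))
```

Called with only the requirements text, `floating()` reads the declared requirements of whatever is installed in the current environment, so it can be run inside a freshly built venv.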