fix(python): pin dependency version to the exact match #969

Closed
wants to merge 1 commit into from

RomainMuller
Contributor

@RomainMuller RomainMuller commented Nov 11, 2019

This will make it easier for downstream consumers to revert to an older version of closures.
This is a temporary fix until we make further changes to forward the exact requirement that
was expressed on the source package.

Barring this, fighting one's way out of problems such as aws/aws-cdk#4957 is extremely
challenging.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@RomainMuller RomainMuller requested a review from a team as a code owner November 11, 2019 22:04
@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

}

dependencies.push(`${depInfo.targets!.python!.distName}${versionSpecifier}`);
dependencies.push(`${depInfo.targets!.python!.distName}==${depInfo.version}`);
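Review bot: On the `dependencies.push` line that emits `==${depInfo.version}`, nothing in the code records that the exact pin is temporary. Add a comment beside it that points at the follow-up work to forward the range declared on the source package, so the pin is not left in place by accident. The line it replaces interpolated `versionSpecifier`; check whether that value is still used after this change and remove its computation if it is not. PEP 440 `==` is a version-matching clause that zero-pads release segments (`==1.15` also matches `1.15.0`), so it behaves as an exact pin only when `depInfo.version` is always a full X.Y.Z release; a test asserting the generated requirement string for one dependency would lock that in.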
Contributor

Does this have the same meaning like in all other languages?

@joekiller

@eladb per my comment here #677 (comment) it should be ~=version instead of ==. ~= is fine with X.Y.Z but the current ~=X.Y... is incorrect

@joekiller

It really comes down to npm is like, people are dumb and 2.7 == 2.7.0 but python is like, well 2.7 isn't technically 2.7.0 because they don't enforce major.minor.bug.

@joekiller

== is fine too :) I'm done for the day

@RomainMuller
Contributor Author

Ideally, I want the dependency to match what is modeled in the source TypeScript package. This requires a few slightly deeper changes... I'll leave this for now, will get back to it tomorrow or so to re-consider on a cold head.

@joekiller

https://www.typescriptlang.org/docs/handbook/release-notes/typescript-3-1.html#matching-behavior might help you reach a conclusion.

Being that the dependency in typescript is an arbitrary number I'd suggest Python's equivalent of ===

https://www.python.org/dev/peps/pep-0440/#arbitrary-equality

@joekiller

arbitrary in the context that the typescript's module's version number is just as it is specified. Ie it is 1.15.0 not 1.15.0.1 not 1.15 it's just "1.15.0" and

@RomainMuller
Contributor Author

The thing is here we're not talking about the version of typescript itself, but that of the declared dependencies of the node module we are wrapping into a nice Python shell. Those dependencies are expressed using semver ranges, and right now the generator ignores the exact specified range & generates its own.

Currently, CDK dependencies are modeled with an exact match clause, and python actually breaches that with the current generated code... That's not great :(
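
Added example, not part of this pull request or of jsii: a TypeScript translation of an npm semver range into a PEP 440 specifier, together with the `==`, `===` and `~=` semantics discussed in this thread. All function names are hypothetical, and it assumes release-only `X.Y.Z` versions with exact, `~` and `^` ranges; anything else is rejected rather than guessed at.

```typescript
// Added example (hypothetical helpers, not jsii-pacmak code).
// Assumption: versions are plain X.Y.Z releases; pre-release and build
// metadata are rejected because their PEP 440 mapping is not one-to-one.

// Translate an npm range ("X.Y.Z", "~X.Y.Z" or "^X.Y.Z") to PEP 440.
function npmRangeToPep440(range: string): string {
  const m = /^([~^]?)(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  if (m === null) {
    throw new Error('unsupported npm range: ' + range);
  }
  const op = m[1];
  const major = Number(m[2]);
  const minor = Number(m[3]);
  const patch = Number(m[4]);
  const v = major + '.' + minor + '.' + patch;

  // Exact npm version: the pin this pull request generates.
  if (op === '') return '==' + v;
  // npm ~X.Y.Z allows patch updates only, which is PEP 440 ~=X.Y.Z.
  if (op === '~') return '~=' + v;
  // npm ^ keeps the left-most non-zero segment fixed, so 0.x and 0.0.x
  // ranges are narrower than 1.x ranges.
  if (major > 0) return '>=' + v + ',<' + (major + 1) + '.0.0';
  if (minor > 0) return '>=' + v + ',<0.' + (minor + 1) + '.0';
  return '>=' + v + ',<0.0.' + (patch + 1);
}

// Expand a PEP 440 compatible-release clause into its equivalent pair of
// clauses. Shows why ~=X.Y is wider than ~=X.Y.Z: the last segment is the
// one that is allowed to move.
function expandCompatibleRelease(clause: string): string {
  const m = /^~=(\d+(?:\.\d+)+)$/.exec(clause);
  if (m === null) {
    throw new Error('need ~= with at least two release segments: ' + clause);
  }
  const version = String(m[1]);
  const prefix = version.split('.').slice(0, -1).join('.');
  return '>=' + version + ',==' + prefix + '.*';
}

// Normalise a release for == comparison: PEP 440 pads the shorter release
// with zeros, so trailing ".0" segments are not significant.
function releaseKey(version: string): string {
  if (!/^\d+(\.\d+)*$/.test(version)) {
    throw new Error('not a release-only version: ' + version);
  }
  const parts = version.split('.').map((s) => Number(s));
  while (parts.length > 1 && parts[parts.length - 1] === 0) {
    parts.pop();
  }
  return parts.join('.');
}

// Evaluate a single == or === clause against a candidate version.
// == is version matching (zero-padded); === is plain string equality.
function pep440Matches(clause: string, candidate: string): boolean {
  if (clause.indexOf('===') === 0) {
    return clause.slice(3) === candidate;
  }
  if (clause.indexOf('==') === 0) {
    return releaseKey(clause.slice(2)) === releaseKey(candidate);
  }
  throw new Error('only == and === are handled here: ' + clause);
}
```
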

@joekiller

joekiller commented Nov 12, 2019

I was noting that the semver techniques for typescript are the same as npm.

The cdk dependencies are modeled after the package.json file correct? Ie https://github.com/aws/aws-cdk/blob/f0a62fd5324cc368752bc75f0bdae620a13e826d/packages/%40aws-cdk/aws-codepipeline-actions/package.json#L78

Is there somewhere else doing some dependencies calculations?

It appears that for all python dependencies everything is an exact version on the package.json side. Ie an arbitrary version as it has no range and is precisely the desired version. To match the expectation of exactly matching in python an exact match operator is the triple equals, ===. That should give you the same result every time. In package.json "node-pkg": "1.2.3" will always deliver 1.2.3. In python "node-pkg===1.2.3" always delivers "1.2.3".

If I'm missing something totally obvious please forgive me. I have fought many a dependency battle in nearly any language that has a dependency tree.

@joekiller

I swear I'll stop commenting after this... pythonically ~=X.Y.Z is what you want to keep it on the bugfix version.

@RomainMuller
Contributor Author

@joekiller - I reckon we're in violent agreement at this stage 😂

@RomainMuller
Contributor Author

Closing in favor of some upcoming work from @MrArnoldPalmer

@RomainMuller RomainMuller deleted the rmuller/pin-python-deps branch November 27, 2019 18:46
mergify bot pushed a commit that referenced this pull request Aug 1, 2022
…/packages/@jsii/python-runtime (#3692)

Updates the requirements on [attrs](https://github.com/python-attrs/attrs) to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-attrs/attrs/releases">attrs's releases</a>.</em></p>
<blockquote>
<h2>22.1.0</h2>
<h1>Highlights</h1>
<p>The main features of this release are:</p>
<ul>
<li>The departure of Python 2.7 (enjoy your retirement!),</li>
<li>and the arrival of Python 3.11.</li>
</ul>
<p>We had loftier goals feature-wise, but didn't want to block others embracing Python 3.11.</p>
<p>❤️ <strong>Huge</strong> thanks to my <a href="https://github.com/sponsors/hynek">GitHub sponsors</a>, <a href="https://tidelift.com/subscription/pkg/pypi-attrs">Tidelift subscribers</a>, and <a href="https://ko-fi.com/the_hynek">Ko-fi buyers</a>! ❤️</p>
<p>None of my projects would exist in their current form without you!</p>
<h1>Full Changelog</h1>
<h2>Backwards-incompatible Changes</h2>
<ul>
<li>
<p>Python 2.7 is not supported anymore.</p>
<p>Dealing with Python 2.7 tooling has become too difficult for a volunteer-run project.</p>
<p>We have supported Python 2 more than 2 years after it was officially discontinued and feel that we have paid our dues. All version up to 21.4.0 from December 2021 remain fully functional, of course. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/936">#936</a></p>
</li>
<li>
<p>The deprecated <code>cmp</code> attribute of <code>attrs.Attribute</code> has been removed. This does not affect the <em>cmp</em> argument to <code>attr.s</code> that can be used as a shortcut to set <em>eq</em> and <em>order</em> at the same time. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/939">#939</a></p>
</li>
</ul>
<h2>Changes</h2>
<ul>
<li>Instantiation of frozen slotted classes is now faster. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/898">#898</a></li>
<li>If an <code>eq</code> key is defined, it is also used before hashing the attribute. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/909">#909</a></li>
<li>Added <code>attrs.validators.min_len()</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/916">#916</a></li>
<li><code>attrs.validators.deep_iterable()</code>'s <em>member_validator</em> argument now also accepts a list of validators and wraps them in an <code>attrs.validators.and_()</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/925">#925</a></li>
<li>Added missing type stub re-imports for <code>attrs.converters</code> and <code>attrs.filters</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/931">#931</a></li>
<li>Added missing stub for <code>attr(s).cmp_using()</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/949">#949</a></li>
<li><code>attrs.validators._in()</code>'s <code>ValueError</code> is not missing the attribute, expected options, and the value it got anymore. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/951">#951</a></li>
<li>Python 3.11 is now officially supported. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/969">#969</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst">attrs's changelog</a>.</em></p>
<blockquote>
<h2>22.1.0 (2022-07-28)</h2>
<p>Backwards-incompatible Changes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>
<p>Python 2.7 is not supported anymore.</p>
<p>Dealing with Python 2.7 tooling has become too difficult for a volunteer-run project.</p>
<p>We have supported Python 2 more than 2 years after it was officially discontinued and feel that we have paid our dues.
All version up to 21.4.0 from December 2021 remain fully functional, of course.
<code>[#936](python-attrs/attrs#936) &lt;https://github.com/python-attrs/attrs/issues/936&gt;</code>_</p>
</li>
<li>
<p>The deprecated <code>cmp</code> attribute of <code>attrs.Attribute</code> has been removed.
This does not affect the <em>cmp</em> argument to <code>attr.s</code> that can be used as a shortcut to set <em>eq</em> and <em>order</em> at the same time.
<code>[#939](python-attrs/attrs#939) &lt;https://github.com/python-attrs/attrs/issues/939&gt;</code>_</p>
</li>
</ul>
<p>Changes
^^^^^^^</p>
<ul>
<li>Instantiation of frozen slotted classes is now faster.
<code>[#898](python-attrs/attrs#898) &lt;https://github.com/python-attrs/attrs/issues/898&gt;</code>_</li>
<li>If an <code>eq</code> key is defined, it is also used before hashing the attribute.
<code>[#909](python-attrs/attrs#909) &lt;https://github.com/python-attrs/attrs/issues/909&gt;</code>_</li>
<li>Added <code>attrs.validators.min_len()</code>.
<code>[#916](python-attrs/attrs#916) &lt;https://github.com/python-attrs/attrs/issues/916&gt;</code>_</li>
<li><code>attrs.validators.deep_iterable()</code>'s <em>member_validator</em> argument now also accepts a list of validators and wraps them in an <code>attrs.validators.and_()</code>.
<code>[#925](python-attrs/attrs#925) &lt;https://github.com/python-attrs/attrs/issues/925&gt;</code>_</li>
<li>Added missing type stub re-imports for <code>attrs.converters</code> and <code>attrs.filters</code>.
<code>[#931](python-attrs/attrs#931) &lt;https://github.com/python-attrs/attrs/issues/931&gt;</code>_</li>
<li>Added missing stub for <code>attr(s).cmp_using()</code>.
<code>[#949](python-attrs/attrs#949) &lt;https://github.com/python-attrs/attrs/issues/949&gt;</code>_</li>
<li><code>attrs.validators._in()</code>'s <code>ValueError</code> is not missing the attribute, expected options, and the value it got anymore.
<code>[#951](python-attrs/attrs#951) &lt;https://github.com/python-attrs/attrs/issues/951&gt;</code>_</li>
<li>Python 3.11 is now officially supported.
<code>[#969](python-attrs/attrs#969) &lt;https://github.com/python-attrs/attrs/issues/969&gt;</code>_</li>
</ul>
<hr />
<h2>21.4.0 (2021-12-29)</h2>
<p>Changes
^^^^^^^</p>
<ul>
<li>Fixed the test suite on PyPy3.8 where <code>cloudpickle</code> does not work.
<code>[#892](python-attrs/attrs#892) &lt;https://github.com/python-attrs/attrs/issues/892&gt;</code>_</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/python-attrs/attrs/commit/b3dfebe2e10b44437c4f97d788fb5220d790efd0"><code>b3dfebe</code></a> Prepare 22.1.0</li>
<li><a href="https://github.com/python-attrs/attrs/commit/c89abcd6e6a826b00898f93e851c96b78c80891f"><code>c89abcd</code></a> It totally is correct</li>
<li><a href="https://github.com/python-attrs/attrs/commit/9f118b7dd5328ee5abd7f3880971ab9554047c3a"><code>9f118b7</code></a> Tune first steps</li>
<li><a href="https://github.com/python-attrs/attrs/commit/a3d7f20e54ba29d5ec73563c167d877351228cf2"><code>a3d7f20</code></a> Polish contributing guide</li>
<li><a href="https://github.com/python-attrs/attrs/commit/899497f165b3c8291b66c9c3a01b64881b69cf39"><code>899497f</code></a> Clarify (c) ownership</li>
<li><a href="https://github.com/python-attrs/attrs/commit/696fd786901a6b82b828dd71e3fd64bfae1014ca"><code>696fd78</code></a> Hyphenate compound adjectives</li>
<li><a href="https://github.com/python-attrs/attrs/commit/65c06831c1eee4d9895511c7db5caffba9d93c0e"><code>65c0683</code></a> Use NG APIs in glossary</li>
<li><a href="https://github.com/python-attrs/attrs/commit/5d84d9a5686e8210b1616447ac05021b6b211157"><code>5d84d9a</code></a> Move mypy config to pyproject.toml</li>
<li><a href="https://github.com/python-attrs/attrs/commit/1590917bf7c49e35bb429d117650f660aa45e0e4"><code>1590917</code></a> Update readme.rst (<a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/986">#986</a>)</li>
<li><a href="https://github.com/python-attrs/attrs/commit/a67c84f51e4e3df875961d287583abaef673eb48"><code>a67c84f</code></a> Add more prominent callout about slots to API docs</li>
<li>Additional commits viewable in <a href="https://github.com/python-attrs/attrs/compare/21.2.0...22.1.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit that referenced this pull request Feb 12, 2024
…/packages/jsii-pacmak/lib/targets/python (#4422)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.0.0 (2024-02-10)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) &lt;https://github.com/pypa/twine/issues/969&gt;</code>_)</li>
</ul>
<p>Misc
^^^^</p>
<ul>
<li><code>[#931](pypa/twine#931) &lt;https://github.com/pypa/twine/issues/931&gt;</code><em>, <code>[#991](pypa/twine#991) &lt;https://github.com/pypa/twine/issues/991&gt;</code></em>, <code>[#1028](pypa/twine#1028) &lt;https://github.com/pypa/twine/issues/1028&gt;</code><em>, <code>[#1040](pypa/twine#1040) &lt;https://github.com/pypa/twine/issues/1040&gt;</code></em></li>
</ul>
<h2>Twine 4.0.2 (2022-11-30)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove deprecated function to fix <code>twine check</code> with pkginfo 1.9.0. (<code>[#941](pypa/twine#941) &lt;https://github.com/pypa/twine/issues/941&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) &lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfigure root logger to show all log messages. (<code>[#896](pypa/twine#896) &lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/94f810c54c8bc9d418a9ed64890ca9fa4ec7b59f"><code>94f810c</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1047">#1047</a> from pypa/new-release</li>
<li><a href="https://github.com/pypa/twine/commit/09d993ad4de12f3d11ddf25ff4b4db54714f1969"><code>09d993a</code></a> Update linkcheck_ignore setting for docs</li>
<li><a href="https://github.com/pypa/twine/commit/ab0ed199154f8ab341d88c313cf4c2e785d770ee"><code>ab0ed19</code></a> Apply 2024 black format</li>
<li><a href="https://github.com/pypa/twine/commit/407e6cc0c42eb0dcbc679cb2ffbffcc5dcbc150b"><code>407e6cc</code></a> Build changelog for 5.0.0</li>
<li><a href="https://github.com/pypa/twine/commit/6644b862bb4555ddcb375c794ec5161de4a248df"><code>6644b86</code></a> Add missing changelog entries</li>
<li><a href="https://github.com/pypa/twine/commit/fe1885f2bf896c1852dedea7733a582c5718bbbc"><code>fe1885f</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1034">#1034</a> from DimitriPapadopoulos/codespell</li>
<li><a href="https://github.com/pypa/twine/commit/694bdcf84686c2821ca3168fbc75c2fa5c901188"><code>694bdcf</code></a> Fix typos found by codespell</li>
<li><a href="https://github.com/pypa/twine/commit/89ec78c6be4b4b1bb22514bcddef8f6014c1ba53"><code>89ec78c</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1040">#1040</a> from woodruffw-forks/ww/pypi-mandatory-api-tokens</li>
<li><a href="https://github.com/pypa/twine/commit/b3b363aae8cf83bfbdf9228f5e80d9bdb4765053"><code>b3b363a</code></a> tests: lintage</li>
<li><a href="https://github.com/pypa/twine/commit/6e94d200e20f700fa2e905dd32afeb367d321b67"><code>6e94d20</code></a> tests: more non-PyPI tests</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/4.0.2...5.0.0">compare view</a></li>
</ul>
</details>
mergify bot pushed a commit that referenced this pull request May 17, 2024
…/packages/jsii-pacmak/lib/targets/python (#4516)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) &lt;https://github.com/pypa/twine/issues/1095&gt;</code>_)</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Misc
^^^^</p>
<ul>
<li><code>[#1104](pypa/twine#1104) &lt;https://github.com/pypa/twine/issues/1104&gt;</code>_</li>
</ul>
<h2>Twine 5.0.0 (2024-02-10)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) &lt;https://github.com/pypa/twine/issues/969&gt;</code>_)</li>
</ul>
<p>Misc
^^^^</p>
<ul>
<li><code>[#931](pypa/twine#931) &lt;https://github.com/pypa/twine/issues/931&gt;</code><em>, <code>[#991](pypa/twine#991) &lt;https://github.com/pypa/twine/issues/991&gt;</code></em>, <code>[#1028](pypa/twine#1028) &lt;https://github.com/pypa/twine/issues/1028&gt;</code><em>, <code>[#1040](pypa/twine#1040) &lt;https://github.com/pypa/twine/issues/1040&gt;</code></em></li>
</ul>
<h2>Twine 4.0.2 (2022-11-30)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove deprecated function to fix <code>twine check</code> with pkginfo 1.9.0. (<code>[#941](pypa/twine#941) &lt;https://github.com/pypa/twine/issues/941&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) &lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfigure root logger to show all log messages. (<code>[#896](pypa/twine#896) &lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li>
<li><a href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a> Fix release workflow</li>
<li><a href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1107">#1107</a> from woodruffw-forks/release-5.1.0</li>
<li><a href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a> Update changelog for 5.1.0</li>
<li><a href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1085">#1085</a> from pypa/feature/pep-621</li>
<li><a href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1104">#1104</a> from ascheel/main</li>
<li><a href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a> Properly handle repository URLs with auth in them</li>
<li><a href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a> Changelog entry</li>
<li><a href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a> Change regex string to a raw string.</li>
<li><a href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a> Sanitize URLs for logging/display purposes.</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare view</a></li>
</ul>
</details>
mergify bot pushed a commit that referenced this pull request Jun 27, 2024
…/packages/jsii-pacmak/lib/targets/python (#4558)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 5.1.1 (2024-06-26)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>
<p>Resolve DeprecationWarnings when extracting <code>twine</code> metadata. (<code>[#1115](pypa/twine#1115) &lt;https://github.com/pypa/twine/issues/1115&gt;</code>_)</p>
</li>
<li>
<p>Fix bug for Repository URLs with auth where the port was lost. When attempting
to prevent printing authentication credentials in URLs provided with username
and password, we did not properly handle the case where the URL also contains
a port (when reconstructing the URL). This is now handled and tested to
ensure no regressions. (<code>#fix-repo-urls-with-auth-and-port &lt;https://github.com/pypa/twine/issues/fix-repo-urls-with-auth-and-port&gt;</code>_)</p>
</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) &lt;https://github.com/pypa/twine/issues/1095&gt;</code>_)</li>
</ul>
<h2>Twine 5.1.0 (2024-05-15)</h2>
<p>Misc
^^^^</p>
<ul>
<li><code>[#1104](pypa/twine#1104) &lt;https://github.com/pypa/twine/issues/1104&gt;</code>_</li>
</ul>
<h2>Twine 5.0.0 (2024-02-10)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) &lt;https://github.com/pypa/twine/issues/969&gt;</code>_)</li>
</ul>
<p>Misc
^^^^</p>
<ul>
<li><code>[#931](pypa/twine#931) &lt;https://github.com/pypa/twine/issues/931&gt;</code><em>, <code>[#991](pypa/twine#991) &lt;https://github.com/pypa/twine/issues/991&gt;</code></em>, <code>[#1028](pypa/twine#1028) &lt;https://github.com/pypa/twine/issues/1028&gt;</code><em>, <code>[#1040](pypa/twine#1040) &lt;https://github.com/pypa/twine/issues/1040&gt;</code></em></li>
</ul>
<h2>Twine 4.0.2 (2022-11-30)</h2>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/e29791dcbcd4d39ffc5c4ce2e38e3884005bd368"><code>e29791d</code></a> Prepare for v5.1.1 (<a href="https://github.com/pypa/twine/issues/1114">#1114</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f213ede904ec8553c82e75d6125efd1972fe8b00"><code>f213ede</code></a> fix: Retrieve metadata correctly from importlib_metadata (<a href="https://github.com/pypa/twine/issues/1115">#1115</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/6fbf880ee60915cf1666348c4bdd78a10415f2ac"><code>6fbf880</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1112">#1112</a> from pypa/bug/1111</li>
<li><a href="https://github.com/pypa/twine/commit/3eb9121c6d6cdb0b0d2c0e55c89319cbceda038a"><code>3eb9121</code></a> Remove extra line from changelog entry</li>
<li><a href="https://github.com/pypa/twine/commit/0191f0c9d9cae285df4c700dece7efc7c7de1551"><code>0191f0c</code></a> Preserve ports when munging repository URLs</li>
<li><a href="https://github.com/pypa/twine/commit/c5887932a552c859376a53fb4dbe39f2ab17ba20"><code>c588793</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1110">#1110</a> from DimitriPapadopoulos/principle</li>
<li><a href="https://github.com/pypa/twine/commit/1fdc197636fa1d354d5e4113121698e08824d3a0"><code>1fdc197</code></a> Fix a couple typos</li>
<li><a href="https://github.com/pypa/twine/commit/13b07b67fdc7b6de589640655045687953edab24"><code>13b07b6</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1109">#1109</a> from pypa/dependabot/github_actions/actions/checkout...</li>
<li><a href="https://github.com/pypa/twine/commit/a3e837326aa9691c89ebefecb1449977d33f89e4"><code>a3e8373</code></a> build(deps): bump actions/checkout from 4.1.5 to 4.1.6</li>
<li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...v5.1.1">compare view</a></li>
</ul>
</details>