Dependabot PRs add setuptools as package dependency #5868

Closed
1 task done
l0b0 opened this issue Oct 11, 2022 · 3 comments
Labels
L: python:poetry Python packages via poetry T: bug 🐞 Something isn't working

Comments

@l0b0
Contributor

l0b0 commented Oct 11, 2022

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

pip

Package manager version

Unknown (whatever Poetry version GitHub Dependabot is using)

Language version

Python 3.9

Manifest location and content before the Dependabot update

Gist

dependabot.yml content

Gist

Updated dependency

Gist

What you expected to see, versus what you actually saw

None of the package dependencies should include the setuptools package. This is a bug in older versions of Poetry, which cause issues when trying to install packages. In particular, the stricter poetry2nix runs into an infinite loop (upstream issue) when trying to deal with a lock file containing setuptools.

Native package manager behavior

More recent versions of Poetry do not include setuptools when running poetry lock. For a few weeks or months now I've been working around this behaviour by manually removing any reference to setuptools from poetry.lock in Dependabot PRs.

Images of the diff or a link to the PR, issue, or logs

PR

Smallest manifest that reproduces the issue

No response
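
A review-time check for the situation this report describes, where a bot-generated PR changes `poetry.lock` beyond the dependency it claims to bump: it lists packages that appear only in the PR's lock file and which locked packages require them. This is an added example, not code from Dependabot, Poetry or poetry2nix; the lock contents, `example-lib` and the version numbers are constructed, and the line-based parser assumes the `[[package]]` / `[package.dependencies]` layout of `poetry.lock`.

```python
import re

# Constructed sample lock files (not the ones from the linked gists).
BASE_LOCK = '''
[[package]]
name = "example-lib"
version = "2.0.0"
[package.dependencies]
attrs = ">=17.4.0"

[[package]]
name = "attrs"
version = "22.1.0"
'''
PR_LOCK = BASE_LOCK.replace('"2.0.0"', '"2.1.0"').replace(
    'attrs = ">=17.4.0"', 'attrs = ">=17.4.0"\nsetuptools = "*"'
) + '\n[[package]]\nname = "setuptools"\nversion = "65.4.1"\n'

HEADER = re.compile(r"^\[+([^\]]+)\]+$")  # [[package]], [package.dependencies]
KEYVAL = re.compile(r'^"?([A-Za-z0-9_.-]+)"?\s*=\s*(.*)$')

def normalize(name):
    return re.sub(r"[-_.]+", "-", name).lower()  # PEP 503 name normalization

def parse_lock(text):
    """Map each locked package name to the set of package names it depends on."""
    packages, current, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        header, kv = HEADER.match(line), KEYVAL.match(line)
        if header:
            section = header.group(1)
            if line == "[[package]]":
                current = set()  # dependencies of the package being read
        elif kv and current is not None:
            key, value = kv.group(1), kv.group(2).strip('"')
            if section == "package" and key == "name":
                packages[normalize(value)] = current
            elif section == "package.dependencies":
                current.add(normalize(key))
    return packages

def added_packages(base_text, pr_text):
    """Packages only in the PR's lock file, mapped to the packages requiring them."""
    base, pr = parse_lock(base_text), parse_lock(pr_text)
    return {name: sorted(p for p in pr if name in pr[p])
            for name in sorted(set(pr) - set(base))}

if __name__ == "__main__":
    print(added_packages(BASE_LOCK, PR_LOCK))
```

Run against the base branch's and the PR's `poetry.lock`, a non-empty result means the lock file was regenerated with different resolver behaviour than the one that produced the base, which is worth confirming before merging.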

@l0b0 l0b0 added the T: bug 🐞 Something isn't working label Oct 11, 2022
l0b0 added a commit to linz/geostore that referenced this issue Oct 11, 2022
This is due to a bug in poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.
l0b0 added a commit to linz/geostore that referenced this issue Oct 11, 2022
This is due to a bug in Poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.
l0b0 pushed a commit to linz/geostore that referenced this issue Oct 11, 2022
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.41.0 to 2.45.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](aws/aws-cdk@v2.41.0...v2.45.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Also removes mention of setuptools. This is due to a bug in Poetry,
which causes an infinite loop in nix-shell
<dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
kodiakhq bot pushed a commit to linz/geostore that referenced this issue Oct 11, 2022
* build(deps-dev): Bump types-requests from 2.28.9 to 2.28.11.2

Bumps [types-requests](https://github.com/python/typeshed) from 2.28.9 to 2.28.11.2.
- [Release notes](https://github.com/python/typeshed/releases)
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-requests
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in Poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
@jeffwidman jeffwidman added the L: python:poetry Python packages via poetry label Oct 11, 2022
@jeffwidman
Member

Hmm, we recently upgraded poetry so we're running latest release: #5746

What makes you think this is due to an older version of poetry?

Have you tried running the update locally using the dry-run script documented on the readme? Add a few puts statements and you can probably start to narrow down the source of the issue.

@l0b0
Contributor Author

l0b0 commented Oct 12, 2022

> What makes you think this is due to an older version of poetry?

After a bit more investigation, it turns out I had this the wrong way around - the newer versions of Poetry are the ones causing issues because setuptools is no longer excluded from the lock file. I get a workable lock file with current poetry2nix using Poetry 1.1.14. The fix is actually arriving in poetry2nix, which is now able to deal with this change. Sorry for the noise.

@l0b0 l0b0 closed this as completed Oct 12, 2022
kodiakhq bot added a commit to linz/geostore that referenced this issue Oct 12, 2022
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.41.0 to 2.45.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](aws/aws-cdk@v2.41.0...v2.45.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Also removes mention of setuptools. This is due to a bug in Poetry,
which causes an infinite loop in nix-shell
<dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
kodiakhq bot added a commit to linz/geostore that referenced this issue Oct 12, 2022
…2012)

* build(deps): Bump aws-cdk-aws-batch-alpha from 2.24.0a0 to 2.41.0a0

Bumps [aws-cdk-aws-batch-alpha](https://github.com/aws/aws-cdk) from 2.24.0a0 to 2.41.0a0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](https://github.com/aws/aws-cdk/commits)

---
updated-dependencies:
- dependency-name: aws-cdk-aws-batch-alpha
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
@jeffwidman
Member

No problem, thanks for letting us know.

kodiakhq bot added a commit to linz/geostore that referenced this issue Oct 12, 2022
* build(deps): bump linz-logger from 0.8.0 to 0.9.0

Bumps [linz-logger](https://github.com/linz/python-linz-logger) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/linz/python-linz-logger/releases)
- [Commits](https://github.com/linz/python-linz-logger/commits)

---
updated-dependencies:
- dependency-name: linz-logger
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in Poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
kodiakhq bot added a commit to linz/geostore that referenced this issue Oct 12, 2022
* build(deps): bump smart-open from 6.1.0 to 6.2.0

Bumps [smart-open](https://github.com/piskvorky/smart_open) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/piskvorky/smart_open/releases)
- [Changelog](https://github.com/RaRe-Technologies/smart_open/blob/develop/CHANGELOG.md)
- [Commits](piskvorky/smart_open@v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: smart-open
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in Poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
kodiakhq bot added a commit to linz/geostore that referenced this issue Oct 12, 2022
* build(deps-dev): bump boto3-stubs from 1.24.88 to 1.24.89

Bumps [boto3-stubs](https://github.com/youtype/mypy_boto3_builder) from 1.24.88 to 1.24.89.
- [Release notes](https://github.com/youtype/mypy_boto3_builder/releases)
- [Commits](https://github.com/youtype/mypy_boto3_builder/commits)

---
updated-dependencies:
- dependency-name: boto3-stubs
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in Poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
l0b0 added a commit to linz/geostore that referenced this issue Oct 12, 2022
This is due to a bug in poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.
kodiakhq bot pushed a commit to linz/geostore that referenced this issue Oct 12, 2022
…45.0a0 (#2138)

* build(deps): bump aws-cdk-aws-lambda-python-alpha

Bumps [aws-cdk-aws-lambda-python-alpha](https://github.com/aws/aws-cdk) from 2.41.0a0 to 2.45.0a0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](https://github.com/aws/aws-cdk/commits)

---
updated-dependencies:
- dependency-name: aws-cdk-aws-lambda-python-alpha
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
kodiakhq bot added a commit to linz/geostore that referenced this issue Oct 12, 2022
…2139)

* build(deps): bump aws-cdk-aws-batch-alpha from 2.41.0a0 to 2.45.0a0

Bumps [aws-cdk-aws-batch-alpha](https://github.com/aws/aws-cdk) from 2.41.0a0 to 2.45.0a0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](https://github.com/aws/aws-cdk/commits)

---
updated-dependencies:
- dependency-name: aws-cdk-aws-batch-alpha
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
l0b0 added a commit to linz/geostore that referenced this issue Oct 17, 2022
This is due to a bug in poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.
kodiakhq bot added a commit to linz/geostore that referenced this issue Oct 17, 2022
* build(deps): bump jsonschema from 4.5.1 to 4.16.0

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.5.1 to 4.16.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.5.1...v4.16.0)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove mention of setuptools

This is due to a bug in poetry, which causes an infinite loop in
nix-shell <dependabot/dependabot-core#5868>.

* fix: Remove reference to unused package

* fix: Add build requirement for jsonschema

Can be removed once we update poetry2nix sufficiently.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Victor Engmark <vengmark@linz.govt.nz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>