Python package requests not being updated to latest version
#29572
Replies: 2 comments 7 replies
Are you using OSV or built-in GitHub vulnerability alerts? See #29280 for the former
Hi there,

Get your discussion fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

Discussions without reproductions are less likely to be converted to Issues.

To get started, please read our guide on creating a minimal reproduction.

Good luck,
The Renovate team
What would you like help with?
I think I found a bug
How are you running Renovate?
Mend Renovate hosted app on github.com
If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.
No response
Please tell us more about your question or problem
I have a Python project using Poetry where Renovate is not updating the requests package to the latest version. Currently, it's pinned at 2.31.0, as you can see here. The latest version should be 2.32.3 from PyPI, but I haven't seen Renovate raising a PR to bump the version.

I think the problem is because there is a vulnerability alert which advises updating the version to 2.32.0. From Renovate logs, I can also see that there is an alert package rule to update to this version. However, 2.32.0 has been marked as yanked on PyPI and so it's unavailable.

As a result, Renovate only wants to update requests to 2.32.0 but is not able to. I wonder if the alert package rule should specify a version range instead: >=2.32.0?

Logs (if relevant)
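The situation described in the post, as an added example that is not part of the original discussion and is not Renovate's code: it contrasts resolving a security fix as an exact pin with resolving it as a `>=` range when the first patched release has been yanked. The release data is a constructed sample, assumed to follow the shape of the `releases` map in PyPI's JSON API, and the function names are hypothetical.

```python
# Constructed sample in the assumed shape of PyPI's JSON API "releases" map
# (version -> list of files, each carrying a "yanked" flag). Not real PyPI output.
SAMPLE_RELEASES = {
    "2.31.0": [{"yanked": False}],
    "2.32.0": [{"yanked": True}],   # yanked, as described in the post
    "2.32.3": [{"yanked": False}],
}


def parse(version):
    """Parse a plain dotted numeric version (no pre/post-release handling)."""
    return tuple(int(part) for part in version.split("."))


def is_yanked(files):
    """Treat a release as unavailable when it has no files or all are yanked."""
    return not files or all(f.get("yanked", False) for f in files)


def resolve_exact(releases, fixed):
    """Exact-pin strategy: only the advisory's first patched version is acceptable."""
    files = releases.get(fixed)
    if files is None or is_yanked(files):
        return None  # nothing installable, so no update can be proposed
    return fixed


def resolve_range(releases, fixed):
    """Range strategy (>= fixed): lowest installable version at or above the fix."""
    floor = parse(fixed)
    candidates = [
        version
        for version, files in releases.items()
        if parse(version) >= floor and not is_yanked(files)
    ]
    return min(candidates, key=parse) if candidates else None


if __name__ == "__main__":
    print("exact pin :", resolve_exact(SAMPLE_RELEASES, "2.32.0"))
    print(">= range  :", resolve_range(SAMPLE_RELEASES, "2.32.0"))
```

With the exact pin the vulnerable version stays in place because the only accepted target cannot be installed; the range strategy skips the yanked release and still lands on a patched one.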