Skip to content

Packages: update requirements#5

Merged
zygintas merged 2 commits into
mainfrom
chore/update-package-versions
Jun 30, 2026
Merged

Packages: update requirements#5
zygintas merged 2 commits into
mainfrom
chore/update-package-versions

Conversation

@zygintas

@zygintas zygintas commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary

Updates urllib3, pytest, and filelock to their latest secure releases to address known security advisories. All three target versions require Python ≥ 3.10, so this PR also drops support for Python 3.8 and 3.9.

Dependency changes

  • urllib3: >= 1.25.3, < 3.0.0>= 2.7.0, < 3.0.0 (runtime)
  • pytest: >= 7.2.1>= 9.0.3 (dev/test)
  • filelock: (transitive, unpinned)>= 3.20.3 (dev/test)

⚠️ Breaking change: drops Python 3.8 / 3.9

The target versions all declare requires-python >= 3.10. There is no urllib3 >= 2.7.0 build for 3.8/3.9, so keeping those versions would break pip install. Accordingly:

  • requires-python bumped to >= 3.10 (pyproject.toml, setup.py)
  • CI matrix reduced to [ "3.10", "3.11", "3.12" ]
  • README requirement updated to Python 3.10+

Consumers still on Python 3.8/3.9 must pin to a previous SDK release.

Files changed

  • requirements.txturllib3 floor
  • setup.pyurllib3 floor + PYTHON_REQUIRES
  • pyproject.tomlurllib3 / pytest floors, added filelock dev dep, python = "^3.10"
  • test-requirements.txtpytest floor, added filelock
  • .github/workflows/build-release.yaml — CI Python matrix
  • README.md — supported Python version

Notes

  • filelock is a test/build-only dependency (transitive via tox/pytest), so it was added to the dev/test requirements only — not to the runtime requirements.txt / setup.py.
  • urllib3 retains its < 3.0.0 upper bound; only the lower bound moved to exclude vulnerable releases.
  • setup.py and README.md carry "auto-generated, DO NOT EDIT" banners (this repo is regenerated from the OpenAPI generator). These edits may need to be mirrored in the generator templates/config to survive the next chore: sdk update.

Summary by CodeRabbit

  • Chores

    • Raised the project’s supported Python version to 3.10+.
    • Updated dependency requirements, including a newer urllib3 range.
    • Refreshed development and test tooling version constraints.
  • Tests

    • Updated automated test runs to cover Python 3.10, 3.11, and 3.12 only.
  • Documentation

    • Revised the README requirements to match the new Python support policy.

@zygintas zygintas requested a review from a team as a code owner June 30, 2026 08:39
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@zygintas, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 54 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ddc91751-27f1-4183-addc-1f52d319b2d7

📥 Commits

Reviewing files that changed from the base of the PR and between 3ae3231 and 972c72d.

📒 Files selected for processing (1)
  • setup.py
📝 Walkthrough

Walkthrough

Minimum Python version raised from 3.8/3.9 to 3.10 and urllib3 lower bound raised from >=1.25.3 to >=2.7.0 across setup.py, pyproject.toml, requirements.txt, test-requirements.txt, CI workflow matrix, and README.

Changes

Python 3.10+ and urllib3 2.7.0+ upgrade

Layer / File(s) Summary
Runtime constraints
setup.py, pyproject.toml, requirements.txt
PYTHON_REQUIRES set to >= 3.10; urllib3 lower bound raised to >= 2.7.0, < 3.0.0 in all three files.
Dev/test deps, CI matrix, and docs
pyproject.toml, test-requirements.txt, .github/workflows/build-release.yaml, README.md
Dev tooling versions bumped, filelock >= 3.20.3 added, CI matrix narrowed to Python 3.10–3.12, and README requirement updated to 3.10+.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: updating package requirements and dependency versions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/update-package-versions

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@setup.py`:
- Around line 26-28: Wire the updated PYTHON_REQUIRES value into the package
metadata in setup() so the distribution advertises the Python 3.10 minimum.
Update the existing setup() call in setup.py to pass PYTHON_REQUIRES through the
appropriate metadata field, using the PYTHON_REQUIRES symbol already defined
near the REQUIRES list, so older Python versions are rejected during
installation instead of later resolution.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5080eea5-2870-4b9f-8c3c-6e69e48677fd

📥 Commits

Reviewing files that changed from the base of the PR and between 6617b19 and 3ae3231.

📒 Files selected for processing (6)
  • .github/workflows/build-release.yaml
  • README.md
  • pyproject.toml
  • requirements.txt
  • setup.py
  • test-requirements.txt

Comment thread setup.py
@zygintas zygintas merged commit b3d0ae8 into main Jun 30, 2026
1 check passed
@zygintas zygintas deleted the chore/update-package-versions branch June 30, 2026 08:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants