Packages: update requirements#5
Conversation
|
Warning Review limit reached
Next review available in: 54 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. 📝 WalkthroughWalkthroughMinimum Python version raised from 3.8/3.9 to 3.10 and ChangesPython 3.10+ and urllib3 2.7.0+ upgrade
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@setup.py`:
- Around line 26-28: Wire the updated PYTHON_REQUIRES value into the package
metadata in setup() so the distribution advertises the Python 3.10 minimum.
Update the existing setup() call in setup.py to pass PYTHON_REQUIRES through the
appropriate metadata field, using the PYTHON_REQUIRES symbol already defined
near the REQUIRES list, so older Python versions are rejected during
installation instead of later resolution.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 5080eea5-2870-4b9f-8c3c-6e69e48677fd
📒 Files selected for processing (6)
.github/workflows/build-release.yamlREADME.mdpyproject.tomlrequirements.txtsetup.pytest-requirements.txt
Summary
Updates
urllib3,pytest, andfilelockto their latest secure releases to address known security advisories. All three target versions require Python ≥ 3.10, so this PR also drops support for Python 3.8 and 3.9.Dependency changes
urllib3:>= 1.25.3, < 3.0.0→>= 2.7.0, < 3.0.0(runtime)pytest:>= 7.2.1→>= 9.0.3(dev/test)filelock: (transitive, unpinned) →>= 3.20.3(dev/test)The target versions all declare
requires-python >= 3.10. There is nourllib3 >= 2.7.0build for 3.8/3.9, so keeping those versions would breakpip install. Accordingly:requires-pythonbumped to>= 3.10(pyproject.toml,setup.py)[ "3.10", "3.11", "3.12" ]Consumers still on Python 3.8/3.9 must pin to a previous SDK release.
Files changed
requirements.txt—urllib3floorsetup.py—urllib3floor +PYTHON_REQUIRESpyproject.toml—urllib3/pytestfloors, addedfilelockdev dep,python = "^3.10"test-requirements.txt—pytestfloor, addedfilelock.github/workflows/build-release.yaml— CI Python matrixREADME.md— supported Python versionNotes
filelockis a test/build-only dependency (transitive via tox/pytest), so it was added to the dev/test requirements only — not to the runtimerequirements.txt/setup.py.urllib3retains its< 3.0.0upper bound; only the lower bound moved to exclude vulnerable releases.setup.pyandREADME.mdcarry "auto-generated, DO NOT EDIT" banners (this repo is regenerated from the OpenAPI generator). These edits may need to be mirrored in the generator templates/config to survive the nextchore: sdk update.Summary by CodeRabbit
Chores
urllib3range.Tests
Documentation