-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(python): pin dependency version to the exact match #969
Conversation
This will make it easier for downstream consumers to revert to an older version of closures. This is a temporary fix until we make further changes to forward the *exact* requirement that was expressed on the source package.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
dfe268f
to
e71fd39
Compare
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
} | ||
|
||
dependencies.push(`${depInfo.targets!.python!.distName}${versionSpecifier}`); | ||
dependencies.push(`${depInfo.targets!.python!.distName}==${depInfo.version}`); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this have the same meaning like in all other languages?
@eladb per my comment here #677 (comment) it should be ~=version instead of ==. ~= is fine with X.Y.Z but the current ~=X.Y... is incorrect |
It really comes down to npm is like, people are dumb and 2.7 == 2.7.0 but python is like, well 2.7 isn't technically 2.7.0 because they don't enforcement major.minor.bug. |
== is fine too :) I'm done for the day |
Ideally, I want the dependency to match what is modeled in the source TypeScript package. This requires a few slightly deeper changes... I'll leave this for now, will get back to it tomorrow or so to re-consider on a cold head. |
https://www.typescriptlang.org/docs/handbook/release-notes/typescript-3-1.html#matching-behavior might help you reach a conclusion. Being that the dependency in typescript is an arbitrary number I'd suggest Python's equivalent of === https://www.python.org/dev/peps/pep-0440/#arbitrary-equality |
arbitrary in the context that the typescript's module's version number is just as it is specified. Ie it is 1.15.0 not 1.15.0.1 not 1.15 it's just "1.15.0" and |
The thing is here we're not talking about the version of typescript itself, but that of the declared dependencies of the node module we are wrapping into a nice Python shell. Those dependencies are expressed using semver ranges, and right now the generator ignores the exact specified range & generates it's own. Currently, CDK dependencies are modeled with an exact match clause, and python actually breaches that with the current generated code... That's not great :( |
I was noting that the semver techniques for typescript are the same as npm. The cdk dependencies are modeled after the package.json file correct? Ie https://github.com/aws/aws-cdk/blob/f0a62fd5324cc368752bc75f0bdae620a13e826d/packages/%40aws-cdk/aws-codepipeline-actions/package.json#L78 Is there somewhere else doing some dependencies calculations? It appears that for all python dependencies everything is an exact version on the package.json side. Ie an arbitrary version as it has no range and is precisely the desired version. To match the expectation of exactly matching in python an exact match operator is the triple equals, If I'm missing something totally obvious please forgive me. I have fought many a dependency battle in nearly any language that has a dependency tree. |
I swear I'll stop commenting after this... pythonically ~=X.Y.Z is what you want to keep it on the bugfix version. |
@joekiller - I reckon we're in violent agreement at this stage 😂 |
Closing in favor of some upcoming work from @MrArnoldPalmer |
…/packages/@jsii/python-runtime (#3692) Updates the requirements on [attrs](https://github.com/python-attrs/attrs) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-attrs/attrs/releases">attrs's releases</a>.</em></p> <blockquote> <h2>22.1.0</h2> <h1>Highlights</h1> <p>The main features of this release are:</p> <ul> <li>The departure of Python 2.7 (enjoy your retirement!),</li> <li>and the arrival of Python 3.11.</li> </ul> <p>We had loftier goals feature-wise, but didn't want to block others embracing Python 3.11.</p> <p>❤️ <strong>Huge</strong> thanks to my <a href="https://github.com/sponsors/hynek">GitHub sponsors</a>, <a href="https://tidelift.com/subscription/pkg/pypi-attrs">Tidelift subscribers</a>, and <a href="https://ko-fi.com/the_hynek">Ko-fi buyers</a>! ❤️</p> <p>None of my projects would exist in their current form without you!</p> <h1>Full Changelog</h1> <h2>Backwards-incompatible Changes</h2> <ul> <li> <p>Python 2.7 is not supported anymore.</p> <p>Dealing with Python 2.7 tooling has become too difficult for a volunteer-run project.</p> <p>We have supported Python 2 more than 2 years after it was officially discontinued and feel that we have paid our dues. All version up to 21.4.0 from December 2021 remain fully functional, of course. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/936">#936</a></p> </li> <li> <p>The deprecated <code>cmp</code> attribute of <code>attrs.Attribute</code> has been removed. This does not affect the <em>cmp</em> argument to <code>attr.s</code> that can be used as a shortcut to set <em>eq</em> and <em>order</em> at the same time. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/939">#939</a></p> </li> </ul> <h2>Changes</h2> <ul> <li>Instantiation of frozen slotted classes is now faster. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/898">#898</a></li> <li>If an <code>eq</code> key is defined, it is also used before hashing the attribute. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/909">#909</a></li> <li>Added <code>attrs.validators.min_len()</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/916">#916</a></li> <li><code>attrs.validators.deep_iterable()</code>'s <em>member_validator</em> argument now also accepts a list of validators and wraps them in an <code>attrs.validators.and_()</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/925">#925</a></li> <li>Added missing type stub re-imports for <code>attrs.converters</code> and <code>attrs.filters</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/931">#931</a></li> <li>Added missing stub for <code>attr(s).cmp_using()</code>. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/949">#949</a></li> <li><code>attrs.validators._in()</code>'s <code>ValueError</code> is not missing the attribute, expected options, and the value it got anymore. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/951">#951</a></li> <li>Python 3.11 is now officially supported. <a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/969">#969</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst">attrs's changelog</a>.</em></p> <blockquote> <h2>22.1.0 (2022-07-28)</h2> <p>Backwards-incompatible Changes ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li> <p>Python 2.7 is not supported anymore.</p> <p>Dealing with Python 2.7 tooling has become too difficult for a volunteer-run project.</p> <p>We have supported Python 2 more than 2 years after it was officially discontinued and feel that we have paid our dues. All version up to 21.4.0 from December 2021 remain fully functional, of course. <code>[#936](python-attrs/attrs#936) <https://github.com/python-attrs/attrs/issues/936></code>_</p> </li> <li> <p>The deprecated <code>cmp</code> attribute of <code>attrs.Attribute</code> has been removed. This does not affect the <em>cmp</em> argument to <code>attr.s</code> that can be used as a shortcut to set <em>eq</em> and <em>order</em> at the same time. <code>[#939](python-attrs/attrs#939) <https://github.com/python-attrs/attrs/issues/939></code>_</p> </li> </ul> <p>Changes ^^^^^^^</p> <ul> <li>Instantiation of frozen slotted classes is now faster. <code>[#898](python-attrs/attrs#898) <https://github.com/python-attrs/attrs/issues/898></code>_</li> <li>If an <code>eq</code> key is defined, it is also used before hashing the attribute. <code>[#909](python-attrs/attrs#909) <https://github.com/python-attrs/attrs/issues/909></code>_</li> <li>Added <code>attrs.validators.min_len()</code>. <code>[#916](python-attrs/attrs#916) <https://github.com/python-attrs/attrs/issues/916></code>_</li> <li><code>attrs.validators.deep_iterable()</code>'s <em>member_validator</em> argument now also accepts a list of validators and wraps them in an <code>attrs.validators.and_()</code>. <code>[#925](python-attrs/attrs#925) <https://github.com/python-attrs/attrs/issues/925></code>_</li> <li>Added missing type stub re-imports for <code>attrs.converters</code> and <code>attrs.filters</code>. <code>[#931](python-attrs/attrs#931) <https://github.com/python-attrs/attrs/issues/931></code>_</li> <li>Added missing stub for <code>attr(s).cmp_using()</code>. <code>[#949](python-attrs/attrs#949) <https://github.com/python-attrs/attrs/issues/949></code>_</li> <li><code>attrs.validators._in()</code>'s <code>ValueError</code> is not missing the attribute, expected options, and the value it got anymore. <code>[#951](python-attrs/attrs#951) <https://github.com/python-attrs/attrs/issues/951></code>_</li> <li>Python 3.11 is now officially supported. <code>[#969](python-attrs/attrs#969) <https://github.com/python-attrs/attrs/issues/969></code>_</li> </ul> <hr /> <h2>21.4.0 (2021-12-29)</h2> <p>Changes ^^^^^^^</p> <ul> <li>Fixed the test suite on PyPy3.8 where <code>cloudpickle</code> does not work. <code>[#892](python-attrs/attrs#892) <https://github.com/python-attrs/attrs/issues/892></code>_</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-attrs/attrs/commit/b3dfebe2e10b44437c4f97d788fb5220d790efd0"><code>b3dfebe</code></a> Prepare 22.1.0</li> <li><a href="https://github.com/python-attrs/attrs/commit/c89abcd6e6a826b00898f93e851c96b78c80891f"><code>c89abcd</code></a> It totally is correct</li> <li><a href="https://github.com/python-attrs/attrs/commit/9f118b7dd5328ee5abd7f3880971ab9554047c3a"><code>9f118b7</code></a> Tune first steps</li> <li><a href="https://github.com/python-attrs/attrs/commit/a3d7f20e54ba29d5ec73563c167d877351228cf2"><code>a3d7f20</code></a> Polish contributing guide</li> <li><a href="https://github.com/python-attrs/attrs/commit/899497f165b3c8291b66c9c3a01b64881b69cf39"><code>899497f</code></a> Clarify (c) ownership</li> <li><a href="https://github.com/python-attrs/attrs/commit/696fd786901a6b82b828dd71e3fd64bfae1014ca"><code>696fd78</code></a> Hyphenate compound adjectives</li> <li><a href="https://github.com/python-attrs/attrs/commit/65c06831c1eee4d9895511c7db5caffba9d93c0e"><code>65c0683</code></a> Use NG APIs in glossary</li> <li><a href="https://github.com/python-attrs/attrs/commit/5d84d9a5686e8210b1616447ac05021b6b211157"><code>5d84d9a</code></a> Move mypy config to pyproject.toml</li> <li><a href="https://github.com/python-attrs/attrs/commit/1590917bf7c49e35bb429d117650f660aa45e0e4"><code>1590917</code></a> Update readme.rst (<a href="https://github-redirect.dependabot.com/python-attrs/attrs/issues/986">#986</a>)</li> <li><a href="https://github.com/python-attrs/attrs/commit/a67c84f51e4e3df875961d287583abaef673eb48"><code>a67c84f</code></a> Add more prominent callout about slots to API docs</li> <li>Additional commits viewable in <a href="https://github.com/python-attrs/attrs/compare/21.2.0...22.1.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…/packages/jsii-pacmak/lib/targets/python (#4422) Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.0.0 (2024-02-10)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) <https://github.com/pypa/twine/issues/969></code>_)</li> </ul> <p>Misc ^^^^</p> <ul> <li><code>[#931](pypa/twine#931) <https://github.com/pypa/twine/issues/931></code><em>, <code>[#991](pypa/twine#991) <https://github.com/pypa/twine/issues/991></code></em>, <code>[#1028](pypa/twine#1028) <https://github.com/pypa/twine/issues/1028></code><em>, <code>[#1040](pypa/twine#1040) <https://github.com/pypa/twine/issues/1040></code></em></li> </ul> <h2>Twine 4.0.2 (2022-11-30)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Remove deprecated function to fix <code>twine check</code> with pkginfo 1.9.0. (<code>[#941](pypa/twine#941) <https://github.com/pypa/twine/issues/941></code>_)</li> </ul> <h2>Twine 4.0.1 (2022-06-01)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) <https://github.com/pypa/twine/issues/890></code>_)</li> <li>Reconfigure root logger to show all log messages. (<code>[#896](pypa/twine#896) <https://github.com/pypa/twine/issues/896></code>_)</li> </ul> <h2>Twine 4.0.0 (2022-03-31)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) <https://github.com/pypa/twine/issues/869></code>_)</li> <li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) <https://github.com/pypa/twine/issues/851></code>_)</li> <li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) <https://github.com/pypa/twine/issues/874></code>_)</li> <li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) <https://github.com/pypa/twine/issues/877></code>_)</li> </ul> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) <https://github.com/pypa/twine/issues/871></code>_)</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/94f810c54c8bc9d418a9ed64890ca9fa4ec7b59f"><code>94f810c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1047">#1047</a> from pypa/new-release</li> <li><a href="https://github.com/pypa/twine/commit/09d993ad4de12f3d11ddf25ff4b4db54714f1969"><code>09d993a</code></a> Update linkcheck_ignore setting for docs</li> <li><a href="https://github.com/pypa/twine/commit/ab0ed199154f8ab341d88c313cf4c2e785d770ee"><code>ab0ed19</code></a> Apply 2024 black format</li> <li><a href="https://github.com/pypa/twine/commit/407e6cc0c42eb0dcbc679cb2ffbffcc5dcbc150b"><code>407e6cc</code></a> Build changelog for 5.0.0</li> <li><a href="https://github.com/pypa/twine/commit/6644b862bb4555ddcb375c794ec5161de4a248df"><code>6644b86</code></a> Add missing changelog entries</li> <li><a href="https://github.com/pypa/twine/commit/fe1885f2bf896c1852dedea7733a582c5718bbbc"><code>fe1885f</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1034">#1034</a> from DimitriPapadopoulos/codespell</li> <li><a href="https://github.com/pypa/twine/commit/694bdcf84686c2821ca3168fbc75c2fa5c901188"><code>694bdcf</code></a> Fix typos found by codespell</li> <li><a href="https://github.com/pypa/twine/commit/89ec78c6be4b4b1bb22514bcddef8f6014c1ba53"><code>89ec78c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1040">#1040</a> from woodruffw-forks/ww/pypi-mandatory-api-tokens</li> <li><a href="https://github.com/pypa/twine/commit/b3b363aae8cf83bfbdf9228f5e80d9bdb4765053"><code>b3b363a</code></a> tests: lintage</li> <li><a href="https://github.com/pypa/twine/commit/6e94d200e20f700fa2e905dd32afeb367d321b67"><code>6e94d20</code></a> tests: more non-PyPI tests</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/4.0.2...5.0.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…/packages/jsii-pacmak/lib/targets/python (#4516) Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) <https://github.com/pypa/twine/issues/1095></code>_)</li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Misc ^^^^</p> <ul> <li><code>[#1104](pypa/twine#1104) <https://github.com/pypa/twine/issues/1104></code>_</li> </ul> <h2>Twine 5.0.0 (2024-02-10)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) <https://github.com/pypa/twine/issues/969></code>_)</li> </ul> <p>Misc ^^^^</p> <ul> <li><code>[#931](pypa/twine#931) <https://github.com/pypa/twine/issues/931></code><em>, <code>[#991](pypa/twine#991) <https://github.com/pypa/twine/issues/991></code></em>, <code>[#1028](pypa/twine#1028) <https://github.com/pypa/twine/issues/1028></code><em>, <code>[#1040](pypa/twine#1040) <https://github.com/pypa/twine/issues/1040></code></em></li> </ul> <h2>Twine 4.0.2 (2022-11-30)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Remove deprecated function to fix <code>twine check</code> with pkginfo 1.9.0. (<code>[#941](pypa/twine#941) <https://github.com/pypa/twine/issues/941></code>_)</li> </ul> <h2>Twine 4.0.1 (2022-06-01)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) <https://github.com/pypa/twine/issues/890></code>_)</li> <li>Reconfigure root logger to show all log messages. (<code>[#896](pypa/twine#896) <https://github.com/pypa/twine/issues/896></code>_)</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li> <li><a href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a> Fix release workflow</li> <li><a href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1107">#1107</a> from woodruffw-forks/release-5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a> Update changelog for 5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1085">#1085</a> from pypa/feature/pep-621</li> <li><a href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1104">#1104</a> from ascheel/main</li> <li><a href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a> Properly handle repository URLs with auth in them</li> <li><a href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a> Changelog entry</li> <li><a href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a> Change regex string to a raw string.</li> <li><a href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a> Sanitize URLs for logging/display purposes.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…/packages/jsii-pacmak/lib/targets/python (#4558) Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.1.1 (2024-06-26)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li> <p>Resolve DeprecationWarnings when extracting <code>twine</code> metadata. (<code>[#1115](pypa/twine#1115) <https://github.com/pypa/twine/issues/1115></code>_)</p> </li> <li> <p>Fix bug for Repository URLs with auth where the port was lost. When attempting to prevent printing authentication credentials in URLs provided with username and password, we did not properly handle the case where the URL also contains a port (when reconstructing the URL). This is now handled and tested to ensure no regressions. (<code>#fix-repo-urls-with-auth-and-port <https://github.com/pypa/twine/issues/fix-repo-urls-with-auth-and-port></code>_)</p> </li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) <https://github.com/pypa/twine/issues/1095></code>_)</li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Misc ^^^^</p> <ul> <li><code>[#1104](pypa/twine#1104) <https://github.com/pypa/twine/issues/1104></code>_</li> </ul> <h2>Twine 5.0.0 (2024-02-10)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) <https://github.com/pypa/twine/issues/969></code>_)</li> </ul> <p>Misc ^^^^</p> <ul> <li><code>[#931](pypa/twine#931) <https://github.com/pypa/twine/issues/931></code><em>, <code>[#991](pypa/twine#991) <https://github.com/pypa/twine/issues/991></code></em>, <code>[#1028](pypa/twine#1028) <https://github.com/pypa/twine/issues/1028></code><em>, <code>[#1040](pypa/twine#1040) <https://github.com/pypa/twine/issues/1040></code></em></li> </ul> <h2>Twine 4.0.2 (2022-11-30)</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/e29791dcbcd4d39ffc5c4ce2e38e3884005bd368"><code>e29791d</code></a> Prepare for v5.1.1 (<a href="https://redirect.github.com/pypa/twine/issues/1114">#1114</a>)</li> <li><a href="https://github.com/pypa/twine/commit/f213ede904ec8553c82e75d6125efd1972fe8b00"><code>f213ede</code></a> fix: Retrieve metadata correctly from importlib_metadata (<a href="https://redirect.github.com/pypa/twine/issues/1115">#1115</a>)</li> <li><a href="https://github.com/pypa/twine/commit/6fbf880ee60915cf1666348c4bdd78a10415f2ac"><code>6fbf880</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1112">#1112</a> from pypa/bug/1111</li> <li><a href="https://github.com/pypa/twine/commit/3eb9121c6d6cdb0b0d2c0e55c89319cbceda038a"><code>3eb9121</code></a> Remove extra line from changelog entry</li> <li><a href="https://github.com/pypa/twine/commit/0191f0c9d9cae285df4c700dece7efc7c7de1551"><code>0191f0c</code></a> Preserve ports when munging repository URLs</li> <li><a href="https://github.com/pypa/twine/commit/c5887932a552c859376a53fb4dbe39f2ab17ba20"><code>c588793</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1110">#1110</a> from DimitriPapadopoulos/principle</li> <li><a href="https://github.com/pypa/twine/commit/1fdc197636fa1d354d5e4113121698e08824d3a0"><code>1fdc197</code></a> Fix a couple typos</li> <li><a href="https://github.com/pypa/twine/commit/13b07b67fdc7b6de589640655045687953edab24"><code>13b07b6</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1109">#1109</a> from pypa/dependabot/github_actions/actions/checkout...</li> <li><a href="https://github.com/pypa/twine/commit/a3e837326aa9691c89ebefecb1449977d33f89e4"><code>a3e8373</code></a> build(deps): bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...v5.1.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
This will make it easier for downstream consumers to revert to an older version of closures.
This is a temporary fix until we make further changes to forward the exact requirement that
was expressed on the source package.
Barring this, frighting one's way out of problems such as aws/aws-cdk#4957 is extremely
challenging.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.