build requirements: colorama grew a new build-time dependency :/

or more like four: ``` $ pipdeptree hatchling==1.11.1 - editables [required: >=0.3, installed: 0.3] - packaging [required: >=21.3, installed: 21.3] - pyparsing [required: >=2.0.2,!=3.0.5, installed: 3.0.9] - pathspec [required: >=0.10.1, installed: 0.10.1] - pluggy [required: >=1.0.0, installed: 1.0.0] - tomli [required: >=1.2.2, installed: 2.0.1] ``` Let's monitor how the situation evolves, and whether other packages start requiring hatchling, but for now I am not going to add four new packages into the trusted base set... Pinning colorama to an older version for now. related: tartley/colorama#338 tartley/colorama#349
spesmilo · Nov 5, 2022 · 590abec · 590abec · ofek · Nov 9, 2022
1 parent 326f8c4
commit 590abec
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/contrib/requirements/requirements-build-android.txt b/contrib/requirements/requirements-build-android.txt
@@ -9,7 +9,8 @@ sh
 
 # needed by python-for-android:
 appdirs
-colorama>=0.3.3
+# colorama upper bound to avoid needing hatchling
+colorama>=0.3.3,<0.4.6
 jinja2
 sh>=1.10
 pep517

diff --git a/contrib/requirements/requirements-hw.txt b/contrib/requirements/requirements-hw.txt
@@ -15,3 +15,8 @@ pyserial>=3.5.0,<4.0.0
 # prefer older protobuf (see #7922)
 # (pulled in via e.g. keepkey and bitbox02)
 protobuf>=3.12,<4
+
+# prefer older colorama to avoid needing hatchling
+# (pulled in via trezor -> click -> colorama)
+# (pulled in via safet -> click -> colorama)
+colorama<0.4.6