Contributor

@nzlosh nzlosh commented Sep 1, 2025

No description provided.

@pull-request-size pull-request-size bot added the size/XXL PR that changes 1000+ lines. You should absolutely split your PR into several. label Sep 1, 2025
@nzlosh nzlosh requested review from cognifloyd and a team September 2, 2025 11:00
@cognifloyd
Member

Do you have the lock file diff still? It gets printed after lock file generation. The diff view makes it much easier to see what changed. Reviewing the actual lock file changes is a lot.

Also, I like to use that diff to update the version pins in the legacy requirements files.

@nzlosh
Contributor Author

nzlosh commented Sep 2, 2025

I don't have it, but it's nothing to re-run the generate process against master again. Would you like it as an attachment here? I can also backport the locking to the requirement files if you want that.

@cognifloyd
Member

cognifloyd commented Sep 2, 2025

> I don't have it, but it's nothing to re-run the generate process against master again. Would you like it as an attachment here?

Yes please. I try to put it in the diff in the commit message and in the PR description (in a ``` code block), but just in the PR description would be enough here.

Dealing with this is cumbersome. Maybe (in a different PR) we could add a GHA workflow that:

  • gets triggered manually
    • via workflow_dispatch to create a new PR
    • via a PR label or a PR comment in an existing PR
  • regenerates the lockfiles (or just one resolve based on input params) in 1 commit with the diff in the commit message
  • updates the pins in the old lock files in another commit
  • pushes the commits to:
    • a new branch for workflow_dispatch trigger
    • the PR branch if updating an existing PR
  • files a new PR if triggered by workflow_dispatch.

@nzlosh
Contributor Author

nzlosh commented Sep 2, 2025

I pushed the generated lock files as well as the updated requirements.txt files.

Here's the pants output:

Lockfile diff: lockfiles/black.lock [black]

==                    Upgraded dependencies                     ==

  mypy-extensions                1.0.0        -->   1.1.0
  typing-extensions              4.12.2       -->   4.13.2

Lockfile diff: lockfiles/twine.lock [twine]

==                    Upgraded dependencies                     ==

  certifi                        2025.1.31    -->   2025.8.3
  charset-normalizer             3.4.1        -->   3.4.3
  nh3                            0.2.21       -->   0.3.0
  pygments                       2.19.1       -->   2.19.2
  requests                       2.32.3       -->   2.32.4
  rich                           13.9.4       -->   14.1.0

==                     Removed dependencies                     ==

  typing-extensions              4.12.2

Lockfile diff: lockfiles/st2.lock [st2]

==                    Upgraded dependencies                     ==

  beautifulsoup4                 4.13.3       -->   4.13.5
  certifi                        2025.1.31    -->   2025.8.3
  charset-normalizer             3.4.1        -->   3.4.3
  ciso8601                       2.3.2        -->   2.3.3
  crudini                        0.9.5        -->   0.9.6
  distlib                        0.3.9        -->   0.4.0
  fasteners                      0.19         -->   0.20
  gitpython                      3.1.44       -->   3.1.45
  httplib2                       0.22.0       -->   0.30.0
  kombu                          5.5.2        -->   5.5.4
  msgpack                        1.1.0        -->   1.1.1
  oslo-utils                     7.3.0        -->   7.3.1
  packaging                      24.2         -->   25.0
  pbr                            6.1.1        -->   7.0.1
  prompt-toolkit                 3.0.50       -->   3.0.52
  pygments                       2.19.1       -->   2.19.2
  redis                          5.2.1        -->   6.1.1
  requests                       2.32.3       -->   2.32.4
  retrying                       1.3.4        -->   1.4.2
  ruamel-yaml                    0.18.10      -->   0.18.15
  soupsieve                      2.6          -->   2.7
  typing-extensions              4.12.2       -->   4.13.2
  virtualenv                     20.30.0      -->   20.34.0
  wrapt                          1.17.2       -->   1.17.3
  yaql                           3.0.0        -->   3.1.0

Lockfile diff: lockfiles/bandit.lock [bandit]

==                    Upgraded dependencies                     ==

  gitpython                      3.1.44       -->   3.1.45
  pbr                            6.1.1        -->   7.0.1
  pygments                       2.19.1       -->   2.19.2
  rich                           13.9.4       -->   14.1.0
  setuptools                     75.3.0       -->   75.3.2
  typing-extensions              4.12.2       -->   4.13.2

Lockfile diff: lockfiles/pylint.lock [pylint]

==                    Upgraded dependencies                     ==

  dill                           0.3.9        -->   0.4.0
  setuptools                     75.3.0       -->   75.3.2
  tomlkit                        0.13.2       -->   0.13.3
  typing-extensions              4.12.2       -->   4.13.2

Lockfile diff: lockfiles/pants-plugins.lock [pants-plugins]

==                    Upgraded dependencies                     ==

  certifi                        2025.1.31    -->   2025.8.3
  charset-normalizer             3.4.1        -->   3.4.3
  pluggy                         1.5.0        -->   1.6.0
  pyparsing                      3.2.1        -->   3.2.3
  requests                       2.32.3       -->   2.32.5
  typing-extensions              4.12.2       -->   4.15.0
  ujson                          5.10.0       -->   5.11.0
  urllib3                        2.3.0        -->   2.5.0

Lockfile diff: lockfiles/flake8.lock [flake8]

==                    Upgraded dependencies                     ==

  setuptools                     75.3.0       -->   75.3.2
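
For reviewing output like the above, a small parser for the lockfile diff format can narrow a long listing down to the entries that most deserve a changelog read. This is an added example, not part of the original thread or the StackStorm repository; the function names are hypothetical, the sample is a constructed subset of the output quoted above, and the "major bump, or minor bump while on 0.x" rule is an assumption about what counts as risky.

```python
import re

# Constructed sample: a subset of the pants output quoted in this thread.
SAMPLE = """\
Lockfile diff: lockfiles/twine.lock [twine]

==                    Upgraded dependencies                     ==

  requests                       2.32.3       -->   2.32.4
  rich                           13.9.4       -->   14.1.0

==                     Removed dependencies                     ==

  typing-extensions              4.12.2

Lockfile diff: lockfiles/st2.lock [st2]

==                    Upgraded dependencies                     ==

  httplib2                       0.22.0       -->   0.30.0
  redis                          5.2.1        -->   6.1.1
  wrapt                          1.17.2       -->   1.17.3
"""

HEADER = re.compile(r"^Lockfile diff: \S+ \[(?P<resolve>[^\]]+)\]$")
SECTION = re.compile(r"^==\s+(?P<kind>\w+) dependencies\s+==$")
ENTRY = re.compile(r"^\s+(?P<name>\S+)\s+(?P<old>\S+)(?:\s+-->\s+(?P<new>\S+))?$")

def parse_lockfile_diff(text):
    """Return (resolve, kind, name, old, new) tuples; new is None if no arrow."""
    changes, resolve, kind = [], None, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            resolve, kind = m["resolve"], None
        elif m := SECTION.match(line):
            kind = m["kind"].lower()
        elif resolve and kind and (m := ENTRY.match(line)):
            changes.append((resolve, kind, m["name"], m["old"], m["new"]))
    return changes

def compat_key(version):
    """Major number, or (0, minor) for 0.x releases where minor bumps may break."""
    nums = ([int(n) for n in re.findall(r"\d+", version)] + [0, 0])[:2]
    return tuple(nums) if nums[0] == 0 else (nums[0],)

def flag_for_review(changes):
    """Keep entries with no new version (e.g. removals) and compat-key changes."""
    return [c for c in changes
            if c[4] is None or compat_key(c[3]) != compat_key(c[4])]

if __name__ == "__main__":
    for resolve, kind, name, old, new in flag_for_review(parse_lockfile_diff(SAMPLE)):
        print(f"[{resolve}] {kind}: {name} {old} -> {new}")
```
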

@nzlosh
Contributor Author

nzlosh commented Sep 2, 2025

I think someone from the community pointed out bitnami doing something with their images, so the CI errors might be related to that.

Error response from daemon: manifest for bitnami/rabbitmq:3.8 not found: manifest unknown: manifest unknown

@nzlosh nzlosh force-pushed the update_lockfiles branch 4 times, most recently from ef177bd to 57c1719 Compare September 5, 2025 08:26
@nzlosh
Contributor Author

nzlosh commented Sep 5, 2025

The tests are passing on the official rabbitmq 3.13 images; CircleCI looks like a conflict between package versions. It might be necessary to update requirements files in orquesta, ldap and rbac before the CircleCI tests pass.

@nzlosh
Contributor Author

nzlosh commented Sep 9, 2025

Additional lock update


Lockfile diff: lockfiles/st2.lock [st2]

==                    Upgraded dependencies                     ==

  xmltodict                      0.14.2       -->   0.15.0

@nzlosh nzlosh enabled auto-merge (rebase) September 9, 2025 11:20
@nzlosh nzlosh added this to the 3.9.0 milestone Sep 9, 2025
Member

@cognifloyd cognifloyd left a comment

🎆

@@ -33,9 +33,8 @@ decorator==5.2.1
oslo.config==9.6.0
oslo.utils==7.3.0
paramiko==3.5.1
passlib==1.7.4
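
Review bot: The passlib==1.7.4 line at the end of this hunk is the pin being dropped (the header goes from 9 lines to 8), which leaves the version of a password-hashing library to be chosen transitively in this requirements file. Consider recording in the commit message which dependency still pulls it in, and confirm it remains locked in lockfiles/st2.lock so pip-based installs and pants builds resolve the same version. Also worth checking: oslo.utils==7.3.0 in this hunk against the st2.lock diff above, which reports oslo-utils 7.3.0 --> 7.3.1.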
Member

Nice find!

Just a note for future reference (if anyone happens to be spelunking through old changes): passlib is required by st2-auth-backend-flat-file, so we will still pull in the requirement through that dependency. Since nothing in this repo uses passlib, it is safe to remove it from the requirements files and let pip handle resolving transitive deps like passlib.

@nzlosh nzlosh merged commit c5a4186 into StackStorm:master Sep 10, 2025
119 of 121 checks passed
@github-project-automation github-project-automation bot moved this from Todo to Done in StackStorm v3.9.0 Sep 10, 2025
@nzlosh nzlosh deleted the update_lockfiles branch September 10, 2025 06:33