From b9ab36ec3733d112db45a1f58705bda8861d72bb Mon Sep 17 00:00:00 2001
From: Kenneth Daily
Date: Thu, 25 Apr 2024 15:49:27 -0700
Subject: [PATCH] Pin colorama in bundled installer
Updating to colorama > 0.4.5 requires additional build dependencies (`hatchling`, `flit_core`, etc). This increases the complexity of the bundled installer. We cannot add this to `EXTRA_RUNTIME_DEPS` because the `pip download` in `download_cli_deps` will fetch the latest `colorama`, which will take precedence when running the `install` script. This change pins `colorama` to the last version without the additional dependencies.
---
 .../enhancement-dependency-63735.json | 5 +++++
 scripts/make-bundle | 19 +++++++++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 .changes/next-release/enhancement-dependency-63735.json
diff --git a/.changes/next-release/enhancement-dependency-63735.json b/.changes/next-release/enhancement-dependency-63735.json
new file mode 100644
index 000000000000..15903acabde0
--- /dev/null
+++ b/.changes/next-release/enhancement-dependency-63735.json
@@ -0,0 +1,5 @@
+{
+ "type": "enhancement",
+ "category": "dependency",
+ "description": "Bump upper bound of colorama to <0.4.7; fixes `#7086 `__"
+}
diff --git a/scripts/make-bundle b/scripts/make-bundle
index 180a5eb1bd67..6ca3dbbcf595 100755
--- a/scripts/make-bundle
+++ b/scripts/make-bundle
@@ -26,6 +26,12 @@ EXTRA_RUNTIME_DEPS = [
 ('virtualenv', '16.7.8'),
 ('jmespath', '0.10.0'),
 ]
+PINNED_RUNTIME_DEPS = [
+ # The CLI has a relaxed pin for colorama, but versions >0.4.5
+ # require extra build time dependencies. We are pinning it to
+ # a version that does not need those.
+ ('colorama', '0.4.5'),
+]
 BUILDTIME_DEPS = [
 ('setuptools-scm', '3.3.3'),
 ('wheel', '0.33.6'),
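Review bot: `PINNED_RUNTIME_DEPS` fixes colorama by version only, so the bundle build still accepts whatever archive the index serves as `colorama==0.4.5`; nothing in the visible hunks checks the downloaded file against a known digest. Because these downloads appear to end up in the installer zip that is shipped to users, consider recording the expected sha256 next to the pin, for example a separate `PINNED_RUNTIME_HASHES = {'colorama': '<expected-sha256>'}` mapping, and comparing it after the download step. pip's `--require-hashes` mode is probably not a drop-in here, since the same `pip download` call also takes the local source directory, which cannot be hash-checked. The existing `EXTRA_RUNTIME_DEPS` and `BUILDTIME_DEPS` entries have the same version-only shape, so this could be a follow-up rather than part of this commit.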
@@ -78,12 +84,17 @@ def download_package_tarballs(dirname, packages):
 ))
-def download_cli_deps(scratch_dir):
+def download_cli_deps(scratch_dir, packages):
+ # pip download will always download a more recent version of a package
+ # even if one exists locally. The list of packages supplied in `packages`
+ # forces the use of a specific runtime dependency.
 awscli_dir = os.path.dirname(
 os.path.dirname(os.path.abspath(__file__)))
+ pinned_packages = " ".join(
+ f"{name}=={version}" for (name, version) in packages
+ )
 with cd(scratch_dir):
- run('pip download %s %s' % (
- PIP_DOWNLOAD_ARGS, awscli_dir))
+ run(f"pip download {PIP_DOWNLOAD_ARGS} {pinned_packages} {awscli_dir}")
 def _remove_cli_zip(scratch_dir):
@@ -169,7 +180,7 @@ def main():
 setup_dir,
 packages=BUILDTIME_DEPS,
 )
- download_cli_deps(package_dir)
+ download_cli_deps(package_dir, packages=PINNED_RUNTIME_DEPS)
 add_cli_sdist(package_dir)
 create_bootstrap_script(scratch_dir)
 zip_filename = zip_dir(scratch_dir)
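Review bot: In `download_cli_deps` the new f-string still builds the whole `pip download` command as one string, with `awscli_dir` (derived from `__file__`) and each `name==version` spec interpolated unquoted. `run` is defined outside this hunk; if it hands the string to a shell, a checkout path containing spaces or shell metacharacters would be split or interpreted instead of being passed as a single argument. The package specs are module constants today, but quoting keeps the function safe for any future caller: `pinned_packages = " ".join(shlex.quote(f"{name}=={version}") for name, version in packages)` and `{shlex.quote(awscli_dir)}` inside the f-string (this needs `import shlex` at the top of the script). The three `#` lines explaining why the pin is passed on the command line would also read better as the function's docstring.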