Remove py dependency?
#14851
Comments
|
FYI
But good point @stevejalim to also update the entrypoints. They are nonetheless independent on the requirement removal. What turned out as a blocker however, is pytest's removal of py in 7.2.0 and vendoring just the useful bits left its plugins without explicit py dependency but still relying on e.g. py.xml broken from that point on, so only those still maintained and updating/replacing their dependencies will continue working with newer releases (or will need a py version explicitly required and pinned like here now, until updated). But that upgrade is currently blocked: #14013 (also see #14316 for more issues, we kinda need both pytest-selenium 4.0.2+ and pytest 8+ so I'll have to try to make a minimal-repro case to test the combination of versions & geckodriver +possible snap/flat env issues, and try finding a version combination that still works for Firefox). Truth is replacing Selenium with Playwright might happen faster than this. |
Description
There's still
py==1.11.0required in dev.in, which is in maintenance mode (=basically conserved in its historic state only). Not being actively updated for years, and with vulnerability being reported even for the latest version, every package tries to get rid of it or just vendor the usable parts instead of all the old legacy… (The CVE is somewhat unfortunate nonetheless, as it only applies to decades-old code for handling SVN repos:/…)Note
The og
py.testentrypoints ofpytestdo not depend on this in any way.Is it really being used anywhere?
(Or am I overlooking something too obvious?)
Success Criteria
pypackagepytestnotpy.testThe text was updated successfully, but these errors were encountered: