RFC: support python 3.12 (but drop 3.8) #82
Codecov Report
Attention: Patch coverage is

@@ Coverage Diff @@
## main #82 +/- ##
==========================================
- Coverage 89.22% 88.52% -0.71%
==========================================
Files 42 33 -9
Lines 1782 1751 -31
==========================================
- Hits 1590 1550 -40
- Misses 192 201 +9
Thanks @muxator for the great work. I fixed the linting and tests, as explained also in my commit, as follows:
Now the PR could be merged in my opinion!
Before this change, "make safety" would complain of the following vulnerability:

-> Vulnerability found in black version 23.12.1
   Vulnerability ID: 66742
   Affected spec: <24.3.0
   ADVISORY: Affected versions of Black are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
   CVE-2024-21503
   For more information about this vulnerability, visit https://data.safetycli.com/v/66742/97c
   To ignore this vulnerability, use PyUp vulnerability id 66742 in safety’s ignore command-line argument or add the ignore to your safety policy file.
This PR will remove the dependency on Safety (https://github.com/pyupio/safety), which has become a purely commercial product for all practical purposes. Safety < 3.0.1 has grave issues (see pyupio/safety#480) and the current version does not support performing a scan without logging into their service account (https://docs.safetycli.com/safety-docs/safety-cli-3/quick-start-guide):
Let's remove the dependency on Safety altogether.
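An offline version of the check that Safety reported above, as an added example that is not part of this PR or the project's code: it matches exact pins against an advisory's affected spec using only the standard library. The advisory values are the ones quoted in the Safety output; the pin list, `example-pkg` and all function names are constructed for illustration, and only plain numeric versions are handled.

```python
import re

# Advisory record built from the values quoted in the Safety output above.
ADVISORIES = [
    {"package": "black", "id": "66742", "cve": "CVE-2024-21503", "affected": "<24.3.0"},
]

# Constructed pin list; only "black 23.12.1" comes from the page.
PINS = "black==23.12.1\nexample-pkg==1.0.0  # hypothetical package\n"

OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
}

def parse_version(text):
    """Turn a plain numeric release ('23.12.1') into a tuple; reject anything else."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def compare_ready(a, b):
    """Pad with zeros so that 24.3 and 24.3.0 compare equal."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def is_affected(version, spec):
    """True when the version satisfies every comma-separated clause of the spec."""
    for clause in spec.split(","):
        match = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*(\S+)\s*", clause)
        if match is None:
            raise ValueError(f"unsupported spec clause: {clause!r}")
        a, b = compare_ready(parse_version(version), parse_version(match.group(2)))
        if not OPS[match.group(1)](a, b):
            return False
    return True

def audit(pins, advisories=ADVISORIES):
    """Return (package, version, advisory id, CVE) for every affected pin."""
    findings = []
    for line in pins.splitlines():
        name, sep, version = line.split("#")[0].strip().partition("==")
        if not sep:
            continue  # blank line or a requirement that is not an exact pin
        name, version = name.strip().lower(), version.strip()
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv["affected"]):
                findings.append((name, version, adv["id"], adv["cve"]))
    return findings
```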
Safety (https://github.com/pyupio/safety) has become a purely commercial platform for all practical purposes. Versions < 3.0.1 are unsupported and have grave configurability issues. Let's remove the dependency altogether. See: #82 (comment)
# values on MacOS when statsmodels was updated from 0.13 to 0.14. This
# captures the change, so that when a fix arrives upstream we can update
# the test again.
BEST_PARAMETERS_STR = "Best parameters found: [0.21 0.19 0.76]"
very nice solution for the moment
…12 incompatibilities

The issue with numpy is documented here, and officially solved with numpy 1.26: https://numpy.org/devdocs/reference/distutils_status_migration.html

The upgrade on statsmodels probably uncovers a bug in its MacOS build: the values computed by MethodOfMomentsLoss are slightly different there, and lead to a different result in the test. Let's accept it for now; we can eventually file a bug on statsmodels later.

….8 due to SciPy

As of 2024-02, Python 3.8 is still going to be supported for 6 months (until 2024-10, see https://devguide.python.org/versions). At the same time, Python 3.12 was released four months ago, on 2023-10, and will be supported for five years. We cannot support both, because SciPy 1.10 does not work with python 3.12, and scipy 1.11 drops python 3.8. Having to make a choice, it is probably better to go with the more recent versions, thus 3.8 has to go down the drain.

This commit introduces some failures on the mypy check, that are going to be fixed in the next commit.
Thank you @muxator and @marcofavorito for the great help for this PR. As agreed, I will rebase and merge and we can tackle the OS compatibility issue another time
This is an experiment aimed at supporting python 3.12, which is already at its second point release.
Formally, python 3.8 is still going to be supported for 6 months (https://devguide.python.org/versions). However, some packages have already dropped it.
In particular, there is no scipy version supporting 3.8 and 3.12 at the same time, and this forces us to make a choice.
After bumping scipy to >= 1.11, poetry is able to resolve the dependencies.
At install time there were 2 more problems:
- numpy did not install because python 3.12 dropped support for distutils (https://peps.python.org/pep-0632/). There are workarounds for this (https://numpy.org/devdocs/reference/distutils_status_migration.html), but bumping to 1.26 seems to be an official solution
- statsmodels 0.13 did not compile under python 3.12, probably because it is compiled with -Werror, and there are some deprecation warnings when compiling its wheel. Bumping to 0.14 solved the issue.

This is just the easiest set of actions for allowing the project to run on python3.12. There might be ways to keep a more relaxed set of dependencies (for example, only install numpy 1.26 under python 3.12) if we want to be more permissive.
Local tests on my Fedora with python 3.12 completed fine. Opening the PR to see what the CI (and the fellow devs) think about it.