Allow bumping several new packages

Homebrew / brew-pip-audit

:clipboard: Bulk auditing Python dependencies in Homebrew with pip-audit

BSD 2-Clause "Simplified" License

11 stars 7 forks source link

Allow bumping several new packages #76

Closed alex closed 4 months ago

alex commented 6 months ago

Should be possible now that https://github.com/Homebrew/brew/pull/16753 is landed

cho-m commented 6 months ago

Just noting that a couple changes in homebrew-core are necessary and some limitations:

python@3.12 needs https://github.com/Homebrew/homebrew-core/pull/164606
pypy3.10 / pypy3.9 cannot update setuptools resource yet but pip resource can be updated after https://github.com/Homebrew/homebrew-core/pull/164607
pypy may need inequality support for PyPI resources as it is Python 2. Need to keep setuptools<45 but we only support == right now.

It looks like python@3.8 thru python@3.11 were supported already as Python used to have a setup.py.

p-linnane commented 6 months ago

Can't we just do setuptools==44.1.1 for pypy?

alex commented 6 months ago

I don't see why not.

cho-m commented 6 months ago

Can't we just do setuptools==44.1.1 for pypy?

Mainly related to comment that setuptools 44 may get bugfixes:

  # > Setuptools as a project continues to support Python 2 with bugfixes and important features on Setuptools 44.x.
  # See https://setuptools.readthedocs.io/en/latest/python%202%20sunset.html#python-2-sunset

So it would be nicer for resource updates to get any new releases rather than manually tracking. No idea how long these other copies of Python 2 (e.g. pypy) will remain. Setuptools at least still has branch https://github.com/pypa/setuptools/tree/maint/44.x

alex commented 6 months ago

Is that still accurate? 44.1.1 was released in 2020.

On Fri, Mar 1, 2024 at 6:14 PM Michael Cho @.***> wrote:

Can't we just do setuptools==44.1.1 for pypy?

Mainly related to comment that setuptools 44 may get bugfixes:

> Setuptools as a project continues to support Python 2 with bugfixes and important features on Setuptools 44.x.

See https://setuptools.readthedocs.io/en/latest/python%202%20sunset.html#python-2-sunset

So it would be nicer for resource updates to get any new releases rather than manually tracking. No idea how long these other copies of Python 2 (e.g. pypy) will remain. Setuptools at least still has branch https://github.com/pypa/setuptools/tree/maint/44.x

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

cho-m commented 6 months ago

Is that still accurate? 44.1.1 was released in 2020.

No idea. I only saw the branch still exists but would need someone from Setuptools side for status.