cisagovbot commented 8 months ago

Lineage Pull Request: CONFLICT

Lineage has created this pull request to incorporate new changes found in an upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-python-library.git Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with your project.

The lineage/skeleton branch has one or more unresolved merge conflicts that you must resolve before merging this pull request!

How to resolve the conflicts

Take ownership of this pull request by removing any other assignees.

Clone the repository locally, and reapply the merge:

git clone git@github.com:cisagov/admiral.git admiral
cd admiral
git remote add skeleton https://github.com/cisagov/skeleton-python-library.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

Review the changes displayed by the status command. Fix any conflicts and possibly incorrect auto-merges.
After resolving each of the conflicts, add your changes to the branch, commit, and push your changes:
```
git add .github/dependabot.yml .github/workflows/build.yml 
git commit
git push --force --set-upstream origin lineage/skeleton
```
Note that you may append to the default merge commit message that git creates for you, but please do not delete the existing content. It provides useful information about the merge that is being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about any of these, don't hesitate to ask. We're here to help!

[x] ✌️ The conflicts in this pull request have been resolved.
[x] All relevant type-of-change labels have been added.
[x] All new and existing tests pass.

✅ Pre-merge checklist

Remove any of the following that do not apply. These boxes should remain unchecked until the pull request has been approved.

[x] Bump major, minor, patch, or pre-release version as appropriate via the bump_version.sh script if this repository is versioned and the changes in this PR warrant a version bump.

✅ Post-merge checklist

Remove any of the following that do not apply.

[x] Create a release.

[!NOTE] You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

jsf9k commented 8 months ago

@king-alexander - The Python 3.12 build is broken because the requests<2.21 pin in setup.py pulls in an old version of urllib3. This old version of urllib3 itself contains an old version of six that is incompatible with Python 3.12. (This is very similar to the reason that cisagov/gophish-tools cannot yet support Python 3.12, as described in this commit message.)

I know that the latest 1.26 version of urllib3 will work; to that end, can we safely bump the requests pin to requests<=2.25 or requests<2.26? You can see here that this will pull in a newer verison of urllib3 and hence resolve the issue.

The main reason I can't work this out myself is because I don't know why requests was pinned to <2.21 by @felddy in commit a7295712a6bfec23f7581db2261bc0975a83e0b9, nor do I know how to do a proper test of this project if I make the change myself.

king-alexander commented 8 months ago

@jsf9k I tried the CT Search API with requests<2.26 and didn't see any issues.