Skip to content

LITE-33140: Tested bump dependencies#250

Draft
pcaro wants to merge 1 commit into
masterfrom
cr/LITE-33140-bump-deps-clean
Draft

LITE-33140: Tested bump dependencies#250
pcaro wants to merge 1 commit into
masterfrom
cr/LITE-33140-bump-deps-clean

Conversation

@pcaro

@pcaro pcaro commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

Clean, targeted redo of the dependency bump attempted in #248, on top of current master.

This PR mirrors the targeted bump done in the sibling client repo — see cloudblue/connect-python-openapi-client#86 .

Changes

Test toolchain

Package From To
pytest 7.2.2 8.4.2
pytest-cov 2.12.1 6.3.0
coverage 5.5 7.14.3
responses 0.20.0 0.26.1

pytest 8 changed collection ordering, exposing a latent isolation bug: tests/plugins/play/test_play_commands.py does del sys.modules['connect.cli.ccli'] then reimports it, so test_ccli.py's module-level from ... import main bound to a stale module object that mocker.patch never touched. Fixed by importing main inside each test.

Lint toolchain

Package From To
flake8 5.0.4 7.3.0
flake8-bugbear 22.12.6 25.11.29
flake8-commas 2.1.0 4.0.0
flake8-isort 5.0.3 6.1.2
flake8-broken-line 0.5.0 1.0.0

Only bugbear codes are enforced (select = "B"); bugbear 25 adds B017, which flagged a broad pytest.raises(Exception) in test_http.py masking the real ValueError — narrowed it.

Runtime deps

Package From To
connect-openapi-client 34.0 35.0 (floor >=29>=35)
interrogatio 2.3.1 2.4.0
iso3166 1.0.1 2.1.1
phonenumbers 8.13.55 9.0.33
poetry-core 1.9.1 2.4.1
click 8.3.1 8.4.2
requests 2.32.5 2.34.2

connect-openapi-client 35.0 dropped its importlib-metadata<7 pin (via #86), which unblocked interrogatio 2.4 (needs importlib-metadata>=8.5). That bump also pulls httpx 0.28.1 / pytest-httpx 0.35.0 and drops sniffio. Otherwise no packages added/removed.

Verification

  • CI green on this branch: test (3.10) (flake8 + full pytest) ✅, SonarCloud ✅.
  • Full suite locally: 715 passed (poetry run pytest); flake8 clean repo-wide.
  • (2 failures only reproduce locally — weasyprint native libs + a jinja binary-template byte — both pre-existing on master and independent of this change; they pass in CI, which has the system libs.)

⏳ Prepared — waiting on the eaas-core release

  • connect-eaas-core (37.0 → next release) — brings pydantic 2 — gated on LITE-33583: Bumb to pydantic v2 and newer fastapi connect-eaas-core#127 (migrate to pydantic v2, stacked on Trigger build on pull requests on release branch #125 which adds Python 3.13/3.14). Not yet on PyPI. Validated locally against that branch (no workaround): pydantic 2.13.4 resolves, typing-inspect comes in transitively, all 715 tests pass — connect-cli needs zero code changes (it uses no pydantic directly; eaas-core was the only pin at pydantic<2). correct typo #127 already carries the two fixes it needed: it declares typing-inspect (fastapi-utils 0.8 imports it on its pydantic-2 path) and widens fastapi to <0.137.
    Ready to land the moment eaas-core is released — apply, then poetry lock:
    python = ">=3.10,<3.15"          # required: eaas-core #125/#127 declare python <3.15
    connect-eaas-core = ">=<new release>"
    ⚠️ One caveat: it forces narrowing connect-cli's Python range to <3.15 (keeping <4 makes poetry fail to resolve, since eaas-core caps there). Side benefits carried in: pydantic 2, and fastapi free to move off the current 0.115.x cap (up to <0.137).
  • rich 12 → 15 — capped by connect-markdown-renderer 3.x (rich >=12.4.4,<13); its latest (3.0.0) still caps it. Needs a markdown-renderer release that allows rich 13+. (This cap is markdown-renderer, not eaas-core.)

Out of scope

  • connect-reports-core (26.*, latest 34.0) — deliberate major pin coupled to the report-execution engine (last bumped in LITE-24284 for the async engine). It transitively pins the report/PDF stack (weasyprint <54, plotly <6, kaleido ==0.2.1, jsonschema <4, orjson <4); bumping is behavior-affecting and needs separate validation. Used only by the report / project report plugins.
  • black kept at 23.* (mirrors the client repo, avoids repo-wide reformat churn).

Recommend closing #248 in favor of this PR.

@pcaro pcaro changed the title LITE-33140: Bump test stack to pytest 8 (clean rebase of #248) LITE-33140: Bump dependencies Jul 1, 2026
@pcaro pcaro changed the title LITE-33140: Bump dependencies LITE-33140: Tested bump dependencies Jul 1, 2026
@pcaro pcaro requested a review from arnaugiralt July 2, 2026 07:20
Clean, targeted dependency refresh on top of current master, replacing
the stale bot PR #248. Mirrors the sibling bump in
cloudblue/connect-python-openapi-client#86.

Test toolchain:
  pytest      7.2.2  -> 8.4.2
  pytest-cov  2.12.1 -> 6.3.0
  coverage    5.5    -> 7.14.3
  responses   0.20.0 -> 0.26.1

pytest 8 changed collection ordering, exposing a latent isolation bug:
tests/plugins/play/test_play_commands.py deletes and reimports
connect.cli.ccli, so test_ccli.py's module-level 'from ... import main'
bound to a stale module object that mocker.patch never touched. Fixed by
importing main inside each test.

Lint toolchain:
  flake8             5.0.4   -> 7.3.0
  flake8-bugbear     22.12.6 -> 25.11.29
  flake8-commas      2.1.0   -> 4.0.0
  flake8-isort       5.0.3   -> 6.1.2
  flake8-broken-line 0.5.0   -> 1.0.0

Only bugbear codes are enforced (select = "B"); bugbear 25 adds B017,
which flagged a broad pytest.raises(Exception) in test_http.py masking
the real ValueError; narrowed it.

Runtime deps:
  connect-openapi-client  >=29 -> >=35   (34.0 -> 35.0)
  interrogatio            2.3.1 -> 2.4.0
  iso3166                 1.0.1 -> 2.1.1
  phonenumbers            8.13.55 -> 9.0.33
  poetry-core             1.9.1 -> 2.4.1
  click                   8.3.1 -> 8.4.2
  requests                2.32.5 -> 2.34.2

openapi-client 35.0 dropped its importlib-metadata<7 pin (#86), which
unblocked interrogatio 2.4 (needs importlib-metadata>=8.5); that also
pulls httpx 0.28.1 / pytest-httpx 0.35.0 and drops sniffio.

Lint/format stack (black) and runtime majors gated upstream
(eaas-core, reports-core, rich via markdown-renderer) are left untouched.
Full suite: 715 passed.
@pcaro pcaro force-pushed the cr/LITE-33140-bump-deps-clean branch from ba5f73d to 3047ba2 Compare July 2, 2026 16:59
@sonarqubecloud

sonarqubecloud Bot commented Jul 2, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant