Set constraint for importlib-metadata #952

Closed


@mportesdev mportesdev commented Oct 3, 2022

If the Python version is 3.7 or lower (i.e., importlib.metadata is not in the standard library), then third-party importlib-metadata must be installed. However, importlib-metadata version 5.x no longer supports the interface used by stevedore version 3.x. This change fixes this by constraining the version of importlib-metadata to 4.x.

Closes #951
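importlib-metadata 5.x dropped the older mapping-style result of `entry_points()` and kept only the selection interface; the following is an added example (not code from this PR, bandit or stevedore) of a group lookup that tolerates both result shapes. That this is the interface the description refers to is an assumption, and `select_group`, `FakeSelectable` and the sample group name are hypothetical.

```python
"""Added example: read one entry-point group across both result interfaces."""
import sys

if sys.version_info >= (3, 8):
    from importlib import metadata as importlib_metadata  # standard library
else:
    import importlib_metadata  # third-party backport on Python 3.7 and lower


def select_group(group, eps=None):
    """Return the entry points registered under `group` as a list.

    `eps` defaults to the live entry_points() result; passing it in keeps
    the function testable with constructed objects.
    """
    if eps is None:
        eps = importlib_metadata.entry_points()
    if hasattr(eps, "select"):
        # Selection interface: the only one left in importlib-metadata 5.x.
        return list(eps.select(group=group))
    # Older mapping interface: {group name: sequence of entry points}.
    return list(eps.get(group, ()))


class FakeSelectable:
    """Constructed stand-in for a selection-only result (not a library class)."""

    def __init__(self, groups):
        self._groups = groups

    def select(self, group):
        return self._groups.get(group, ())


# Constructed sample data: a hypothetical group with two placeholder entries.
SAMPLE = {"example.plugins": ["plugin_a", "plugin_b"]}

if __name__ == "__main__":
    print(select_group("example.plugins", SAMPLE))                  # mapping shape
    print(select_group("example.plugins", FakeSelectable(SAMPLE)))  # selection shape
    print(len(select_group("console_scripts")), "console_scripts entries installed")
```

Code that reads groups this way keeps working whichever importlib-metadata release the resolver picks, which removes the need for the pin in that code path.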

@juanitosvq

Hi, is there an estimated ETA to get this merged and released? Thanks!


emcd commented Oct 14, 2022

This appears to be fixed upstream with the release of stevedore==3.5.1 yesterday.


emcd commented Oct 14, 2022

While the crash is resolved, there is a new issue that has appeared with importlib-metadata>=5: #956.
This PR is still valid for fixing the new issue even if it is no longer needed for the old issue.

@mportesdev
Contributor Author

@ericwb @lukehinds @sigmavirus24 Can you please look into this sometime soon? Seems like lots of people using bandit are having issues. I guess a new release would be necessary after merging this.

@mportesdev
Contributor Author

Problem fixed in stevedore 3.5.2

@mportesdev mportesdev closed this Oct 24, 2022
@mportesdev mportesdev deleted the fix_importlib branch October 24, 2022 07:16
Successfully merging this pull request may close these issues.

Bandit broken via stevedore dependency with importlib-metadata>=5.