bump EOL python dependencies across services#4266
Open
panish16 wants to merge 14 commits intobcgov:mainfrom
Open
bump EOL python dependencies across services#4266panish16 wants to merge 14 commits intobcgov:mainfrom
panish16 wants to merge 14 commits intobcgov:mainfrom
Conversation
panish16
force-pushed
the
new-python
branch
5 times, most recently
from
c5764bd to
15f2b3f
Compare
- Replace libaio1 with libaio1t64 in Dockerfile (Debian trixie rename)
- Add known_first_party/known_third_party to isort config so flake8-isort
and pylint agree on import order (third-party before first-party)
- Fix import ordering across 38 source/test files accordingly
- Default JWT_OIDC_ALGORITHMS to 'RS256' to fix test AttributeError
when env var is unset (flask-jwt-oidc no longer provides class default)
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4266 +/- ##
==========================================
+ Coverage 29.66% 29.76% +0.10%
==========================================
Files 39 39
Lines 3486 3554 +68
==========================================
+ Hits 1034 1058 +24
- Misses 2452 2496 +44
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
… the Flask bump — so it won't break when the PR merges
pwei1018
approved these changes
Apr 21, 2026
argush3
reviewed
Apr 22, 2026
loneil
reviewed
Apr 22, 2026
- Pin gcp-queue and structured-logging to e82cd710 instead of 2a3d5a2; e82cd710 is the latest main commit and explicitly fixes Cloud SQL connector compatibility with Python 3.9 - Revert data-tool/requirements.txt — not deployed, maintained locally by the data migration team - Revert business-registry-model/requirements.txt — pyproject.toml is the source of truth here; requirements.txt is legacy Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
kialj876
reviewed
Apr 22, 2026
The package uses pyproject.toml as its source of truth. The requirements.txt was a legacy file, not referenced by any Dockerfile or CI workflow, and caused the EOL scanner to flag stale versions that are already updated in pyproject.toml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Update flask 1.1.2 → 3.0.3, SQLAlchemy 1.4.44 → 2.0.40, and pydantic 1.10.2 → 2.10.6 to match the versions already used in pyproject.toml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove requirements.txt and dev.txt from business-registry-model — these are pre-poetry artefacts not consumed by the poetry build; pyproject.toml is the authoritative dependency source. Revert sql-versioning SQLAlchemy bump to 1.4.44 per reviewer guidance: a shared-library major-version bump requires its own PR with a version increment and updated poetry.lock before consumers can be updated. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
isort 4.x requires distutils which was removed in Python 3.12+, and the flake8-isort/isort 4.x combination does not correctly apply known_first_party from setup.cfg. Updating to isort>=5.0.0 fixes the import-order CI failures. Import ordering in source files was already corrected in a prior commit and validates clean against isort 5.x. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Collaborator
|
@panish16 were you able to test all the services you updated locally? Not only the pytests because the coverage is not good everywhere, but actually run them connected to a db and run the postman collections or see the jobs working as expected? |
…ill handle the full Python version upgrade separately Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Conflicts: # legal-api/poetry.lock # legal-api/pyproject.toml # queue_services/business-bn/poetry.lock # queue_services/business-emailer/poetry.lock # queue_services/business-emailer/pyproject.toml
bolyachevets
requested changes
Apr 28, 2026
| pkgutil-resolve-name = "1.3.10" | ||
| protobuf = "==3.20.*" | ||
| protobuf = ">=5.28.0,<6.0.0" | ||
| psycopg2-binary = "2.9.10" |
Collaborator
There was a problem hiding this comment.
you need to resync your fork and rebase the branch, since pscycopg2 has been removed from main
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue #: /bcgov/entity###
Description of changes:
Flask-Pydantic) to versions compatible with the above upgrades
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the lear license (Apache 2.0).