From a178f9b107527111bf07cd66278ee37e84b77f5b Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Tue, 25 Nov 2025 15:27:08 +0000 Subject: [PATCH 1/7] fix: update `urllib3` and `click` dependencies --- CHANGELOG.md | 3 +++ cloudsmith_cli/core/rest.py | 2 +- requirements.txt | 4 ++-- setup.py | 4 ++-- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f378acba..13b77b24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +- Upgraded `urllib3` from `v1.26.20` to `v2.5.0`. +- Downgraded `click` from `v8.2.0` to `v8.1.8` to satisfy dependency requirements for Python 3.9. + ## [1.9.4] - 2025-11-07 > No code changes in this release. Version bump performed for release process consistency and to address packaging/metadata updates. diff --git a/cloudsmith_cli/core/rest.py b/cloudsmith_cli/core/rest.py index 761cd02b..3820b50b 100644 --- a/cloudsmith_cli/core/rest.py +++ b/cloudsmith_cli/core/rest.py @@ -106,7 +106,7 @@ def create_requests_session( retry = RetryWithCallback( backoff_factor=backoff_factor, connect=retries, - method_whitelist=False, + allowed_methods=False, read=retries, status_forcelist=tuple(status_forcelist), status=retries, diff --git a/requirements.txt b/requirements.txt index ba4b184f..da21c7f0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,7 +22,7 @@ cfgv==3.3.1 # via pre-commit charset-normalizer==3.3.2 # via requests -click==8.1.6 +click==8.1.8 # via # click-configfile # click-didyoumean @@ -135,7 +135,7 @@ typing-extensions==4.13.2 # via # astroid # pylint -urllib3==1.26.20 +urllib3==2.5.0 # via # cloudsmith-api # cloudsmith-cli (setup.py) diff --git a/setup.py b/setup.py index 56ec00e0..aa23f929 100644 --- a/setup.py +++ b/setup.py @@ -49,7 +49,7 @@ def get_long_description(): platforms=["any"], python_requires=">=3.9.0", install_requires=[ - "click>=8.2.0,!=8.3.0", + "click>=8.1.8,!=8.3.0", "click-configfile>=0.2.3", "click-didyoumean>=0.0.3", "click-spinner>=0.1.7", @@ -58,7 +58,7 @@ def get_long_description(): "requests>=2.18.4", "requests_toolbelt>=0.8.0", "semver>=2.7.9", - "urllib3<2.0", + "urllib3>=2.5", ], entry_points={ "console_scripts": ["cloudsmith=cloudsmith_cli.cli.commands.main:main"] From afb95f2f64f4ceabd4cc318a3d2d355b94aa6da7 Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Wed, 26 Nov 2025 15:09:59 +0000 Subject: [PATCH 2/7] remove click changes, this will be added in different pr --- CHANGELOG.md | 7 ++++++- requirements.txt | 2 +- setup.py | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13b77b24..9b0fda53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,9 +7,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] -- Upgraded `urllib3` from `v1.26.20` to `v2.5.0`. +### Added + - Downgraded `click` from `v8.2.0` to `v8.1.8` to satisfy dependency requirements for Python 3.9. +### Fixed + +- Upgraded `urllib3` from `v1.26.20` to `v2.5.0`. + ## [1.9.4] - 2025-11-07 > No code changes in this release. Version bump performed for release process consistency and to address packaging/metadata updates. diff --git a/requirements.txt b/requirements.txt index da21c7f0..3edcf67b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,7 +22,7 @@ cfgv==3.3.1 # via pre-commit charset-normalizer==3.3.2 # via requests -click==8.1.8 +click==8.2.0 # via # click-configfile # click-didyoumean diff --git a/setup.py b/setup.py index aa23f929..15b20633 100644 --- a/setup.py +++ b/setup.py @@ -49,7 +49,7 @@ def get_long_description(): platforms=["any"], python_requires=">=3.9.0", install_requires=[ - "click>=8.1.8,!=8.3.0", + "click>=8.2.0,!=8.3.0", "click-configfile>=0.2.3", "click-didyoumean>=0.0.3", "click-spinner>=0.1.7", From 4d648b38fb47080e6f469b1546bbf0c7a62ee211 Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Wed, 26 Nov 2025 15:10:58 +0000 Subject: [PATCH 3/7] changelogs --- CHANGELOG.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b0fda53..a7ee564e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] -### Added - -- Downgraded `click` from `v8.2.0` to `v8.1.8` to satisfy dependency requirements for Python 3.9. - ### Fixed - Upgraded `urllib3` from `v1.26.20` to `v2.5.0`. From 5143b3e79bd27e3ddea2ecbacbc2d87e32e5353a Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Wed, 26 Nov 2025 15:12:21 +0000 Subject: [PATCH 4/7] changelogs --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3edcf67b..20f45cba 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,7 +22,7 @@ cfgv==3.3.1 # via pre-commit charset-normalizer==3.3.2 # via requests -click==8.2.0 +click==8.1.6 # via # click-configfile # click-didyoumean From a5ec1accee49ef8ad0e55452441352fcca78884e Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Wed, 26 Nov 2025 16:27:42 +0000 Subject: [PATCH 5/7] mock sso ring test --- CHANGELOG.md | 1 + .../cli/commands/metrics/entitlements.py | 1 + cloudsmith_cli/core/tests/test_rest.py | 20 +++++++++++++++++++ 3 files changed, 22 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7ee564e..273df2e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Fixed - Upgraded `urllib3` from `v1.26.20` to `v2.5.0`. + - Added `mock_keyring` fixture to prevent SSO token refresh attempts during individual `test_rest.py` test which runs in pipelines (full suite passes). Caused by [HTTPretty issue 484](https://github.com/gabrielfalcao/HTTPretty/issues/484). ## [1.9.4] - 2025-11-07 diff --git a/cloudsmith_cli/cli/commands/metrics/entitlements.py b/cloudsmith_cli/cli/commands/metrics/entitlements.py index 9bf10c4c..ae8352fa 100644 --- a/cloudsmith_cli/cli/commands/metrics/entitlements.py +++ b/cloudsmith_cli/cli/commands/metrics/entitlements.py @@ -123,6 +123,7 @@ def usage(ctx, opts, owner_repo, tokens, start, finish): owner = owner_repo[0] repo = None + data = None context_msg = "Failed to get list of metrics!" with handle_api_exceptions(ctx, opts=opts, context_msg=context_msg): with maybe_spinner(opts): diff --git a/cloudsmith_cli/core/tests/test_rest.py b/cloudsmith_cli/core/tests/test_rest.py index 9fea645b..1e4ebe6b 100644 --- a/cloudsmith_cli/core/tests/test_rest.py +++ b/cloudsmith_cli/core/tests/test_rest.py @@ -1,4 +1,5 @@ import httpretty +import pytest from ..api.init import initialise_api from ..rest import RestClient @@ -6,6 +7,7 @@ class TestRestClient: @httpretty.activate(allow_net_connect=False, verbose=True) + @pytest.mark.usefixtures("mock_keyring") def test_implicit_retry_for_status_codes(self): """Assert that the rest client retries certain status codes automatically.""" # initialise_api() needs to be called before RestClient can be instantiated, @@ -37,3 +39,21 @@ def test_implicit_retry_for_status_codes(self): assert len(httpretty.latest_requests()) == 6 assert r.status == 200 + + +@pytest.fixture +def mock_keyring(monkeypatch): + """Mock keyring functions to prevent reading real SSO tokens from the system keyring. + + This is necessary because initialise_api() checks the keyring for SSO tokens, + and if found, it attempts to refresh them via a network request. When running + this test in isolation with httpretty mocking enabled, that network request + will fail because it's not mocked. + """ + # Import here to avoid circular imports + from .. import keyring + + # Mock all keyring getter functions to return None/False + monkeypatch.setattr(keyring, "get_access_token", lambda api_host: None) + monkeypatch.setattr(keyring, "get_refresh_token", lambda api_host: None) + monkeypatch.setattr(keyring, "should_refresh_access_token", lambda api_host: False) From ccc1fa536fd3ad8ecfe1946cc6bc9719d0f0275e Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Wed, 26 Nov 2025 16:43:11 +0000 Subject: [PATCH 6/7] patch httpretty fake socket shutdown for urllib3 2.0+ compatibility --- cloudsmith_cli/core/tests/test_rest.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/cloudsmith_cli/core/tests/test_rest.py b/cloudsmith_cli/core/tests/test_rest.py index 1e4ebe6b..c659cfaa 100644 --- a/cloudsmith_cli/core/tests/test_rest.py +++ b/cloudsmith_cli/core/tests/test_rest.py @@ -51,9 +51,20 @@ def mock_keyring(monkeypatch): will fail because it's not mocked. """ # Import here to avoid circular imports + import httpretty.core + from .. import keyring # Mock all keyring getter functions to return None/False monkeypatch.setattr(keyring, "get_access_token", lambda api_host: None) monkeypatch.setattr(keyring, "get_refresh_token", lambda api_host: None) monkeypatch.setattr(keyring, "should_refresh_access_token", lambda api_host: False) + + # Patch httpretty's fake socket to handle shutdown() which urllib3 2.0+ calls + # This fixes: "Failed to socket.shutdown because because a real socket does not exist" + monkeypatch.setattr( + httpretty.core.fakesock.socket, + "shutdown", + lambda self, how: None, + raising=False, + ) From 94e3d3a019b83401f60bcbb3a0e7dfad741af48f Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak <55028730+BartoszBlizniak@users.noreply.github.com> Date: Tue, 16 Dec 2025 10:55:11 +0000 Subject: [PATCH 7/7] Update cloudsmith_cli/core/tests/test_rest.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- cloudsmith_cli/core/tests/test_rest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudsmith_cli/core/tests/test_rest.py b/cloudsmith_cli/core/tests/test_rest.py index c659cfaa..364af4e7 100644 --- a/cloudsmith_cli/core/tests/test_rest.py +++ b/cloudsmith_cli/core/tests/test_rest.py @@ -61,7 +61,7 @@ def mock_keyring(monkeypatch): monkeypatch.setattr(keyring, "should_refresh_access_token", lambda api_host: False) # Patch httpretty's fake socket to handle shutdown() which urllib3 2.0+ calls - # This fixes: "Failed to socket.shutdown because because a real socket does not exist" + # This fixes: "Failed to socket.shutdown because a real socket does not exist" monkeypatch.setattr( httpretty.core.fakesock.socket, "shutdown",