Codecov disappeared in PyPI? #31

Closed
danbaron63 opened this issue Apr 12, 2023 · 3 comments

Comments

@danbaron63

Codecov appears to have disappeared from PyPI?

> pip install codecov==2.1.12
Collecting codecov==2.1.12
  ERROR: Could not find a version that satisfies the requirement codecov==2.1.12 (from versions: none)
ERROR: No matching distribution found for codecov==2.1.12

Has this been intentionally removed and when do we expect it to be available again?

Thanks!
DB

@khaeru

khaeru commented Apr 13, 2023

Having re-read the deprecation notices, there appears to be no statement that the package would be deleted from PyPI, or of a date on which this would occur.

The result is that all packages on PyPI which depend on codecov are not installable. A less disruptive move would have been to push another, essentially empty version of the package, and then yank the older, insecure versions. This would have allowed existing packages to be installed, albeit with perhaps degraded behaviour or loss of functionality.

@jklaise

jklaise commented Apr 13, 2023

Happy to be corrected, but I believe deleting the PyPI package is also a major security issue as I think anyone can now snap up codecov with a malicious package that would be installed on many systems currently depending on codecov.

Edit: according to this, it should at least be impossible to register a new package under codecov https://community.codecov.com/t/codecov-yanked-from-pypi-all-versions/4259
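
The two comments above make two separate points: a yanked release behaves very differently from a deleted project (a pinned `==` install of a yanked version still works, a deleted project gives "from versions: none"), and a deleted name is only safe if the index blocks re-registration, so downstreams that cannot rely on that should pin artifact hashes. The script below is an added example and is not Codecov's code or part of this project; it takes the text of the `https://pypi.org/pypi/<name>/json` endpoint (or `None` for a 404) and says what `pip install name==version` will do, and emits a `--require-hashes` requirement line. The package name `examplepkg`, its versions, dates and sha256 digests are constructed for the example.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample of the PyPI JSON shape: every old release yanked, then an
# empty final release pushed, i.e. the "less disruptive" path suggested above.
# Name, versions and digests are invented for this example.
YANKED_THEN_PLACEHOLDER = json.dumps({
    "info": {"name": "examplepkg", "version": "2.1.13"},
    "releases": {
        "2.1.12": [{"filename": "examplepkg-2.1.12-py2.py3-none-any.whl",
                    "yanked": True, "yanked_reason": "deprecated",
                    "digests": {"sha256": "a" * 64}}],
        "2.1.13": [{"filename": "examplepkg-2.1.13-py2.py3-none-any.whl",
                    "yanked": False, "yanked_reason": None,
                    "digests": {"sha256": "b" * 64}}],
    },
})


@dataclass
class Verdict:
    status: str                       # missing | no-such-version | digest-mismatch | yanked | ok
    detail: str
    requirement: Optional[str] = None  # hash-pinned requirements.txt line, when known


def requirement_line(name: str, version: str, files: list) -> str:
    """Build a line usable with `pip install --require-hashes -r requirements.txt`.

    Pinning every artifact's sha256 means a later upload under the same name and
    version (for example by whoever re-registers a deleted project) fails the
    install instead of running.
    """
    hashes = sorted(f["digests"]["sha256"] for f in files)
    return " ".join([f"{name}=={version}"] + [f"--hash=sha256:{h}" for h in hashes])


def classify(name: str, body: Optional[str], pinned: str,
             expected_sha256: Optional[str] = None) -> Verdict:
    """Decide what `pip install name==pinned` will do from the index JSON.

    `body` is the JSON text for the project, or None when the endpoint
    returned 404 (project hard-deleted, the situation in this issue).
    `expected_sha256` is a digest recorded when the dependency was first pinned.
    """
    if body is None:
        return Verdict("missing",
                       f"{name}: project page gone; pip reports 'from versions: none', "
                       "and unless the index blocks the name it could be re-registered")
    releases = json.loads(body)["releases"]
    files = [f for f in releases.get(pinned, []) if f.get("digests", {}).get("sha256")]
    if not files:
        return Verdict("no-such-version", f"{name}=={pinned}: no artifacts for this version")
    if expected_sha256 and expected_sha256 not in {f["digests"]["sha256"] for f in files}:
        # Same name and version, different bytes: treat as a possible re-upload.
        return Verdict("digest-mismatch",
                       f"{name}=={pinned}: artifacts no longer match the recorded sha256")
    if all(f.get("yanked") for f in files):
        # pip still installs a yanked release when the version is pinned with ==,
        # but skips it for any looser specifier (PEP 592), so downstreams keep working.
        reason = files[0].get("yanked_reason") or "no reason given"
        return Verdict("yanked", f"{name}=={pinned}: yanked ({reason}); exact pin still installs",
                       requirement_line(name, pinned, files))
    return Verdict("ok", f"{name}=={pinned}: installable", requirement_line(name, pinned, files))


if __name__ == "__main__":
    for args in [("examplepkg", None, "2.1.12"),
                 ("examplepkg", YANKED_THEN_PLACEHOLDER, "2.1.12"),
                 ("examplepkg", YANKED_THEN_PLACEHOLDER, "2.1.13", "a" * 64)]:
        v = classify(*args)
        print(v.status, "|", v.detail, "|", v.requirement)
```

For a live check, fetch `https://pypi.org/pypi/<name>/json` yourself and pass the response text (or `None` on a 404) into `classify`; the digests to compare against are the ones you recorded the day you pinned the dependency, not ones fetched at check time.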

This was referenced Apr 13, 2023
canihavesomecoffee added a commit to CCExtractor/sample-platform that referenced this issue Apr 14, 2023
Remove codecov pip package as it was hard-deleted (see codecov/python-standard#31)
This was referenced Apr 19, 2023
llewelld added a commit to llewelld/lit-GPT that referenced this issue Jul 6, 2023
Codecov version 2.1.12 appears to have been pulled from PyPI for
security reasons:

codecov/python-standard#31

This prevents the test requirements from installing, which blocks CI
from running. This change bumps the codecov version up to 2.1.13 so it
can be installed successfully.
@thomasrockhu-codecov
Contributor

Sorry all, I didn't see this issue until now. To resolve this, we did push back up 2.1.13 as a final legacy package. We highly recommend moving away from the python package to our current uploader or the CLI.

We put up a message about this pull here, and I'm extremely sorry for the disruption and headaches this might have caused.

grmartin added a commit to edx/commerce-coordinator that referenced this issue Sep 5, 2023

4 participants