Skip to content

fix: Work around compromised transitive dependency#6257

Merged
sentrivana merged 2 commits into
masterfrom
ivana/test-ci-again
May 12, 2026
Merged

fix: Work around compromised transitive dependency#6257
sentrivana merged 2 commits into
masterfrom
ivana/test-ci-again

Conversation

@sentrivana
Copy link
Copy Markdown
Contributor

@sentrivana sentrivana commented May 12, 2026
edited
Loading

  • mistralai might have been compromised. It's been quarantined by PyPI, so it can't be installed at all.
  • The base Pydantic AI package pydantic-ai installs pydantic-ai-slim with a bunch of extras for all sort of AI providers, including mistralai.
  • Our test suite fails because we attempt to install pydantic-ai, which then tries to pull in mistralai transitively.

Even though there's now a new release of pydantic-ai without the dependency, older versions still have it, and we still want to test against a variety of versions in our test suite.

The fix: don't install pydantic-ai, but instead install pydantic-ai-slim directly, at least for now until mistralai is restored.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

Codecov Results 📊

146 passed | Total: 146 | Pass Rate: 100% | Execution Time: 21.68s

📊 Comparison with Base Branch

Metric Change
Total Tests
Passed Tests
Failed Tests
Skipped Tests

✨ No test changes detected

All tests are passing successfully.

✅ Patch coverage is 100.00%. Project has 14343 uncovered lines.
✅ Project coverage is 34.96%. Comparing base (base) to head (head).

Coverage diff 
@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    34.96%    34.96%        —%
==========================================
  Files          190       190         —
  Lines        22052     22052         —
  Branches      7408      7408         —
==========================================
+ Hits          7709      7709         —
- Misses       14343     14343         —
- Partials       807       807         —

Generated by Codecov Action

@sentrivana sentrivana changed the title Test CI fix: Work around compromised transitive dependency May 12, 2026
@sentrivana sentrivana marked this pull request as ready for review May 12, 2026 08:24
@sentrivana sentrivana requested a review from a team as a code owner May 12, 2026 08:24
@sentrivana sentrivana merged commit c1921a4 into master May 12, 2026
156 checks passed
@sentrivana sentrivana deleted the ivana/test-ci-again branch May 12, 2026 08:33
tonal added a commit to tonal/sentry-python that referenced this pull request May 12, 2026
@tonal @claude
Merge upstream/master into patch-2
93a0de6 
Include fix for compromised transitive dependency (getsentry#6257).
Regenerate tox.ini and CI workflows with aiomysql config.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexander-alderman-webb alexander-alderman-webb alexander-alderman-webb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sentrivana @alexander-alderman-webb