Please also yank 5.2.1

[danking]

Hi there!

We noticed that 5.2.1 had some issue related to the _version module. I see you have released 5.2.1.post0. Thank you! Could you also yank 5.2.1 from PyPI to further limit the impact of this release? Thank you in advance.

(base) # pip3 install traitlets==5.2.1 
Collecting traitlets==5.2.1
  Downloading traitlets-5.2.1-py3-none-any.whl (106 kB)
     |████████████████████████████████| 106 kB 4.7 MB/s 
Installing collected packages: traitlets
  Attempting uninstall: traitlets
    Found existing installation: traitlets 5.2.1.post0
    Uninstalling traitlets-5.2.1.post0:
      Successfully uninstalled traitlets-5.2.1.post0
Successfully installed traitlets-5.2.1
^[[A^[[AWARNING: You are using pip version 21.0.1; however, version 22.0.4 is available.
You should consider upgrading via the '/Users/dking/miniconda3/bin/python -m pip install --upgrade pip' command.
(base) # ipython                       
Traceback (most recent call last):
  File "/Users/dking/miniconda3/bin/ipython", line 5, in <module>
    from IPython import start_ipython
  File "/Users/dking/miniconda3/lib/python3.7/site-packages/IPython/__init__.py", line 55, in <module>
    from .core.application import Application
  File "/Users/dking/miniconda3/lib/python3.7/site-packages/IPython/core/application.py", line 23, in <module>
    from traitlets.config.application import Application, catch_config_error
  File "/Users/dking/miniconda3/lib/python3.7/site-packages/traitlets/__init__.py", line 5, in <module>
    from ._version import __version__, version_info
  File "/Users/dking/miniconda3/lib/python3.7/site-packages/traitlets/_version.py", line 8, in <module>
    ".".join(map(str, version_info)).replace(".b", "b").replace(".a", "a").replace(".rc", "rc")
AssertionError

[SnarkBoojum]

The best way to yank 5.2.1 is probablt by releasing a 5.2.2, isn't it? Just like in Debian, I packaged 5.2.1 with a patch (5.2.1.post0 isn't a good version number)...

[danking]

Even if a new version is released, the bad version should be yanked. A yanked release is treated differently by pip. In particular it is ignored unless that version is specifically requested with an equality requirement.

https://pypi.org/help/#yanked

[adam-grant-hendry]

@SnarkBoojum Was there a 5.2.2.post0? I only see post1 and I'm getting a strange error in commitizen workflows that poetry is searching for post0.

[adam-grant-hendry]

Replying to my own comment, I don't see any yanked versions on PyPI, so I'm assuming post0 never happened and this is something on my end...?

[adam-grant-hendry]

@SnarkBoojum Actually, from poetry Issue #6826, it appears PyPI thinks post0 exists:

$ curl -s https://pypi.org/simple/traitlets/ | grep 5.2.2.post0
    <a href="https://files.pythonhosted.org/packages/30/b6/43f78c203f11e7ce353ca7ca326332f8c020863b7904cc8aedea5a415f90/traitlets-5.2.2.post0-py3-none-any.whl#sha256=7109d1daa09aaf3aefd823eadde1d81508d039c74d9bed6b1812c58bea0cfe20" data-requires-python="&gt;=3.7" >traitlets-5.2.2.post0-py3-none-any.whl</a><br />

even though it's not in the PyPI release history nor the traitlets releases.

[adam-grant-hendry]

@SnarkBoojum @danking Please, if you would, kindly take a look at pypi/warehouse issue #12376 as there seems to have been a bad traitlets version uploaded that is causing downstream problems. Let me know if this should be opened as a separate issue.

[adam-grant-hendry]

@blink1073 From the report, it seems you submitted the package to PyPI on May 31, 2022. Would you also mind taking a look?

[danking]

5.2.1 was never yanked but there’s enough subsequent releases that this issue now feels irrelevant. Closing. Thanks all