Vendor some key libraries #3192

Open
pombredanne opened this issue Jan 9, 2023 · 1 comment

@pombredanne
Member

As a fix for #3179 a solution is to vendor the libraries with objects that participate in the license index pickle such that we are not dependent on their uncontrolled updates. These include:

  • attrs
  • intbitset and pyahocorasick: these are native libraries and are low priority since we are maintaining them and are able to control their release cycle
  • license_expression and boolean.py though we maintain these, so low priority (used for the Rule.license_expression_object)

See also these related issues:

Note: we are doing vendoring in https://github.com/nexB/typecode/blob/main/README.rst with vendy for pygments and also FetchCode (inherit from pip) and tracecode-toolkit-strace (using vendorize for altgraph and docopt). python-vendorize seems mostly current and up to date.

@pombredanne pombredanne added this to the v32.0 milestone Jan 9, 2023
@pombredanne pombredanne added the bug label Jan 9, 2023
pombredanne added a commit that referenced this issue Jan 9, 2023
We have vendored attrs only for its use in licensedcode.models.
With this, we avoid updates to the attrs library that would make
unpickling the license index fail.

Reported-by: Soim @soimkim
Reference: #3192
Reference: #3179
Signed-off-by: Philippe Ombredanne <[email protected]>
pombredanne added a commit that referenced this issue Jan 9, 2023
Signed-off-by: Philippe Ombredanne <[email protected]>
pombredanne added a commit that referenced this issue Jan 17, 2023
Vendor attrs to avoid unpickle issues #3179 #3192
@pombredanne pombredanne modified the milestones: v32.0, v32.1 Feb 24, 2023
@pombredanne
Member Author

pombredanne commented Feb 24, 2023

We vendored attrs for now and pinned SPDX and also forked packaging to packvers
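
The concern in this issue comes from how pickle works: a pickle names each class by module and qualified name, so a stored index only loads while those definitions still exist. As an added example (not code from this project), the Python below lists the modules a pickle depends on without loading it, then shows a load failing after a simulated upstream change; `upstream_lib`, `app_vendored_lib`, the stand-in `Rule` class and all function names are constructed for illustration.

```python
import pickle
import pickletools
import sys
import types

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def referenced_globals(data):
    """Statically list the (module, name) pairs a pickle imports; nothing is loaded."""
    found, memo, recent = set(), {}, [None, None]   # recent = last two pushed strings
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("PROTO", "FRAME"):           # framing only, no stack effect
            continue
        if op.name in ("MEMOIZE", "BINPUT", "LONG_BINPUT", "PUT"):
            memo[len(memo) if op.name == "MEMOIZE" else arg] = recent[1]
            continue
        pushed = None                               # None: not a string we can resolve
        if op.name in ("GLOBAL", "INST"):           # protocols 0-3: arg is "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":             # protocol 4+: module, name on the stack
            found.add((recent[0] or "<unresolved>", recent[1] or "<unresolved>"))
        elif op.name in STRING_OPS:
            pushed = arg
        elif op.name in ("BINGET", "LONG_BINGET", "GET"):
            pushed = memo.get(arg)
        recent = [recent[1], pushed]
    return found

def uncontrolled_modules(data, controlled):
    """Modules the pickle depends on that are outside the project-controlled set."""
    return sorted({mod for mod, _name in referenced_globals(data) if mod not in controlled})

def make_module(name, class_name):
    mod = sys.modules[name] = types.ModuleType(name)   # constructed stand-in module
    setattr(mod, class_name, type(class_name, (), {"__module__": name}))
    return mod

def demo():
    upstream = make_module("upstream_lib", "Rule")       # constructed: released by others
    vendored = make_module("app_vendored_lib", "Rule")   # constructed: copy kept in-tree
    old_cache, new_cache = pickle.dumps(upstream.Rule()), pickle.dumps(vendored.Rule())
    report = tuple(uncontrolled_modules(c, {"app_vendored_lib"}) for c in (old_cache, new_cache))
    del upstream.Rule                  # simulate an upstream release that drops the class
    try:
        pickle.loads(old_cache)
    except AttributeError as exc:      # the stored cache no longer loads
        return report, type(exc).__name__
    return report, "loaded"
```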
