Python version from pyproject.toml requires-python (PEP621) #8244
Comments
1 task
louis-jaris
added a commit
to louis-jaris/dependabot-core
that referenced
this issue
Jan 28, 2025
Closes dependabot#8244 This add the support of python version detection based on the `requires-python` attribute defined in PEP621.
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dependabot can already take the Python version to use from pyproject.toml if it's in Poetry's format (see: https://github.com/dependabot/dependabot-core/blob/main/python/lib/dependabot/python/file_parser/python_requirement_parser.rb#L57), but PEP621 offered a common way to define which version of Python is required using
requires-pythonin pyproject.toml: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/#requires-pythonIt would be great if Dependabot could support this so we could just maintain it there (currently not using Poetry, so we specify the python version in runtime.txt since we have
.python-versionin .gitignore to not conflict with pyenv virtualenvs).This was originally brought up in a comment on another issue:
Based on: #4216 (comment)_
I would like to avoid scope creep on this by just having the lower-bound of Python used (e.g. >=3.11 should use the latest 3.11, not 3.12). The linked issue (#4216) could also solve our use-case since we use pip-compile, but if that's too tricky then at least the requires-python in pyproject.toml would help us.
The text was updated successfully, but these errors were encountered: