Skip to content

Commit c7eaa4b

Browse files
committed
fix(deps): resolve packaging conflict with pip-audit on Python 3.7
pip-audit requires packaging>=21.0 on all Python versions, but we were forcing Python 3.7 to use packaging>=20.0,<21.0, creating an impossible dependency conflict during installation. Changes: - Remove Python 3.7-specific packaging<21.0 constraint - Unify Python 3.7-3.9 to use packaging>=21.0,<22.0 - Add explanatory comment about pip-audit requirement - packaging 21.x supports Python 3.7+ (only dropped 3.6) Fixes Python 3.7 Docker test failures in CI.
1 parent f91307f commit c7eaa4b

1 file changed

Lines changed: 3 additions & 4 deletions

File tree

pyproject.toml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -45,9 +45,8 @@ dependencies = [
4545
# Filelock: vendored for <3.10, external for >=3.10 (CVE-2025-68146)
4646
"filelock>=3.20.1; python_version >= '3.10'",
4747

48-
# Packaging version splits
49-
"packaging>=20.0,<21.0; python_version < '3.8'",
50-
"packaging>=21.0,<22.0; python_version >= '3.8' and python_version < '3.10'",
48+
# Packaging version splits - CRITICAL: pip-audit needs >=21.0 on ALL versions
49+
"packaging>=21.0,<22.0; python_version < '3.10'",
5150
"packaging>=23.0; python_version >= '3.10'",
5251

5352
# tomli backport for Python < 3.11
@@ -77,7 +76,7 @@ dependencies = [
7776
"safety>=3.7.0; python_version >= '3.10' and python_version < '3.14'",
7877
"marshmallow>=4.1.2; python_version >= '3.10'", # CVE-2025-68480 override
7978

80-
# pip-audit fallback
79+
# pip-audit fallback (requires packaging>=21.0 on ALL versions)
8180
"pip-audit; python_version < '3.9'",
8281
"pip-audit>=2.6.0; python_version >= '3.14'",
8382

0 commit comments

Comments
 (0)